[grsec] grsecurity 2.1.7 released for Linux 2.4.32-rc3/2.6.14.2
Brad Spengler
spender at grsecurity.net
Sun Nov 13 16:49:39 EST 2005
grsecurity 2.1.7 has been released for the 2.4.32-rc3 and 2.6.14.2
versions of the Linux kernel. Changes in this version include:
* The internal storing and searching of objects, subjects, and roles
in the RBAC system has been overhauled. We now use chained hash tables
that offer much better long-run performance. The IP tagging code also
benefits from this change, which should improve overall system
performance.
* Processes are now allowed to read their own /proc/<pid>/maps file,
fixing a compatibility issue with libpthread
* Many PaX updates, including a fix that corrects xargs behavior
with long argument lists
* Learning config update: /tmp, /var/tmp will always reduce
* CPU time resource limits in the RBAC system have been corrected
* Only /dev/urandom is now used for generating the salt for the
password hashes, correct the gradm -P users with low entropy for
randomness experienced. /dev/urandom is safe to use in this case, since
the salt we are generating is large compared to normal password hashing
routines, and the hash itself is kept secret while the RBAC system is
enabled.
* Usernames with "." in them are now supported in RBAC policy
* Fixed problem in RBAC system where keventd would be denied a
signal send to X11
* Fixed a problem with alarm() and the chroot restrictions
* Several other bugfixes
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20051113/4458a412/attachment.pgp
More information about the grsecurity
mailing list