[grsec] grsecurity 2.1.10 released for Linux 2.4.34/2.6.19.2

harry rik.bobbaers at cc.kuleuven.be
Mon Jan 15 13:22:33 EST 2007


in the latest patch:
-           min_t(unsigned long, KERNEL_PGD_PTRS, USER_PGD_PTRS));
+           min(unsigned long, KERNEL_PGD_PTRS, USER_PGD_PTRS));

for ./arch/i386/kernel/smpboot.c

this should be:
min(KERNEL_PGD_PTRS, USER_PGD_PTRS)); => the extra bracket is for...
hell, read the patch ;))
right? because min only takes 2 args
or it shouldn't be changed at all, that's a possibility too :)

right now, i get a compiler error on that one...

Brad Spengler wrote:
> grsecurity 2.1.10 was released today for Linux 2.4.34 and 2.6.19.2. 
> Changes in this release include:
> 
>     * Fixes to PaX flag support in RBAC system
>     * PaX updates for non-x86 architectures in 2.4.34 patch
>     * Fix for setpgid in chroot problem reported on forums
>     * Removal of randomized PIDs feature, since it provides no useful 
>       additional security and wastes memory with the 2.6 kernel's pid bitmap
>     * Fixed /proc usage in a chroot in 2.6 patch
>     * Added admin role to generated policy from full learning
> 
> The version was incremented due to required gradm changes for the PaX 
> flags.  This patch corrects the "dropped command" problem reported here 
> on the mailing list and the forums.  I've also posted an official 
> comment on the website regarding the alleged vulnerabilities in 
> grsecurity/PaX.
-- 
harry
aka Rik Bobbaers

K.U.Leuven - LUDIT          -=- Tel: +32 485 52 71 50
Rik.Bobbaers at cc.kuleuven.be -=- http://people.linux-vserver.org/~harry

thinking always leads to conclusions... and those can be extremely dangerous
-- me ;)

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm



More information about the grsecurity mailing list