[grsec] fixed: patch 2.1.14-2.6.31.1-200909251752 doesn't build
pageexec at freemail.hu
pageexec at freemail.hu
Sun Sep 27 03:42:09 EDT 2009
On 26 Sep 2009 at 23:46, Carlos Carvalho wrote:
> It seems the problem is wrong permissions. grsecurity/Makefile
> ends up removing user write permission for the build directory...
> It's caused by
... spender ;). it's his changes to harden the compilation
source/directories as they can leak information with incorrect
permissions (which does occur in real life as not everyone
takes care of them).
> WARNING: modpost: Found 2236 section mismatch(es).
>
> but it also happens with previous patches. Why does it happen? When I put
> the .config in a tree without grsec, make menuconfig and exit without
> changing anything, and doing a make bzImage I get only 3 section
> mismatches.
>
> BTW, what do these mismatches mean?
the extra section mismatches are due to my changes, i explicitly
added detection for writable function pointers which are potential
exploit targets, just to know how many of them there are. we've been
eliminating some of them already but this work will never finish.
as for what they are in general, a mismatch means an unwanted reference
from one section to another. say, accessing init code or data from
normal code/data is not good since init sections are freed up on boot,
so any reference to them must not exist from permanent sections.
More information about the grsecurity
mailing list