2.6.33 patch

Discuss and suggest new grsecurity features

2.6.33 patch

Postby hackman » Wed Mar 03, 2010 6:57 am

Hello,
I have ported almost all changes from 2.6.32.9 to 2.6.33 however I'm not very good with assembler so I skipped a few files:

arch/x86/kernel/entry_64.S
arch/x86/kernel/head_32.S
arch/x86/kernel/head_64.S
arch/x86/kernel/vmlinux.lds.S
arch/x86/lib/copy_user_64.S

So, can someone help me with those ?

I'll publish my patch tonight and place the URL here.
hackman
 
Posts: 10
Joined: Mon Jan 07, 2008 4:46 am

Re: 2.6.33 patch

Postby spender » Wed Mar 03, 2010 8:48 am

We will have a 2.6.33 patch up soon. As always, with each new kernel version, we need to ensure that nothing's been added to or changed in the kernel that would bypass the extra security grsec provides; it's not just a job of patching and fixing rejects.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: 2.6.33 patch

Postby hackman » Wed Mar 03, 2010 9:54 am

so, do you want the ported patch or not?
hackman
 
Posts: 10
Joined: Mon Jan 07, 2008 4:46 am

Re: 2.6.33 patch

Postby wao » Wed Mar 03, 2010 2:05 pm

spender wrote:We will have a 2.6.33 patch up soon. As always, with each new kernel version, we need to ensure that nothing's been added to or changed in the kernel that would bypass the extra security grsec provides; it's not just a job of patching and fixing rejects.

-Brad

when will be 2.6.33 grsec patch available? just +/-
wao
 
Posts: 4
Joined: Sat Feb 27, 2010 9:22 am

Re: 2.6.33 patch

Postby hackman » Mon Mar 08, 2010 12:17 am

hackman
 
Posts: 10
Joined: Mon Jan 07, 2008 4:46 am

Re: 2.6.33 patch

Postby wao » Mon Mar 08, 2010 4:52 am

Well, I already did test with grsecurity-2.1.14-2.6.33-201003062044 and grsecurity-2.1.14-2.6.33-201003071645, both work fine.
33-201003071645 is quite faster, [ 0.663202] vs. [ 0.613161] Freeing unused kernel memory: 308k freed. (it's just avg., best was .598202 ) Thanks.
wao
 
Posts: 4
Joined: Sat Feb 27, 2010 9:22 am

Re: 2.6.33 patch

Postby decula » Wed Mar 10, 2010 11:21 pm

newbie, sorry

compile went file, very small amount of tuning on a 32 bit slackware 13.0

from policy:

# hide the kernel images and modules
/boot h

but when enabled, I see boot not entirely hidden:

total 88
d????????? ? ? ? ? ? boot/
drwxr-xr-x 10 root root 4096 2006-09-25 22:09 mnt/
drwxr-xr-x 2 root root 4096 2007-04-29 23:35 bin/
...

it's not on a separate mount point - just hanging off of /

ty - dec
decula
 
Posts: 1
Joined: Wed Mar 10, 2010 10:59 pm

Re: 2.6.33 patch

Postby spender » Thu Mar 11, 2010 8:42 am

This would suggest a problem in the readdir code (the directory name being listed but being unable to stat() it produces the results you've given). I'll take a look at it tonight.

Thanks,
-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: 2.6.33 patch

Postby spender » Thu Mar 11, 2010 9:16 pm

I'm not able to reproduce your issue here. Can you email me the output of 'cat /proc/mounts' and an strace of your ls -al command?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity development

cron