diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2011-12-26 15:16:28 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-12-26 15:16:28 -0500 |
commit | f18573fca9f346534cbf7aac07390f1e9c540ac9 (patch) | |
tree | 2552fb66d9839389e2b10a64b944f3d2faf001ad /2.6.32 | |
parent | Added predefined selections for GRKERNSEC_HARDENED_{SERVER,WORKSTATION,VIRTUA... (diff) | |
download | hardened-patchset-f18573fca9f346534cbf7aac07390f1e9c540ac9.tar.gz hardened-patchset-f18573fca9f346534cbf7aac07390f1e9c540ac9.tar.bz2 hardened-patchset-f18573fca9f346534cbf7aac07390f1e9c540ac9.zip |
PAX_ELFRELOCS: do not force on for x8620111222
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/4435_grsec-kconfig-gentoo.patch | 8 | ||||
-rw-r--r-- | 2.6.32/4437-grsec-kconfig-proc-user.patch | 4 | ||||
-rw-r--r-- | 2.6.32/4440_selinux-avc_audit-log-curr_ip.patch | 2 |
3 files changed, 4 insertions, 10 deletions
diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4435_grsec-kconfig-gentoo.patch index 8257202..5f4693e 100644 --- a/2.6.32/4435_grsec-kconfig-gentoo.patch +++ b/2.6.32/4435_grsec-kconfig-gentoo.patch @@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_LOW bool "Low" -@@ -190,6 +190,267 @@ +@@ -190,6 +190,261 @@ - Restricted sysfs/debugfs - Active kernel exploit response @@ -91,8 +91,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select PAX_EMUPLT if (ALPHA || PARISC || SPARC) + select PAX_EMUTRAMP if (PARISC) + select PAX_EMUSIGRT if (PARISC) -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) + select PAX_MEMORY_SANITIZE @@ -178,8 +176,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select PAX_EMUPLT if (ALPHA || PARISC || SPARC) + select PAX_EMUTRAMP if (PARISC) + select PAX_EMUSIGRT if (PARISC) -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) + select PAX_MEMORY_SANITIZE @@ -263,8 +259,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select PAX_EMUPLT if (ALPHA || PARISC || SPARC) + select PAX_EMUTRAMP if (PARISC) + select PAX_EMUSIGRT if (PARISC) -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) + select PAX_MEMORY_SANITIZE diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4437-grsec-kconfig-proc-user.patch index 1e181f3..ca88ef7 100644 --- a/2.6.32/4437-grsec-kconfig-proc-user.patch +++ b/2.6.32/4437-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400 -@@ -673,7 +673,7 @@ +@@ -667,7 +667,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -681,7 +681,7 @@ +@@ -675,7 +675,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch index 8a6daac..34c78d5 100644 --- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400 -@@ -1272,6 +1272,27 @@ +@@ -1266,6 +1266,27 @@ menu "Logging Options" depends on GRKERNSEC |