summaryrefslogtreecommitdiff
path: root/2.6.32
diff options
context:
space:
mode:
authorAnthony G. Basile <basile@opensource.dyc.edu>2010-12-12 05:08:10 -0500
committerAnthony G. Basile <basile@opensource.dyc.edu>2010-12-12 05:08:10 -0500
commit302a3f480b02f5c318d89c1cec47b4fd5910817e (patch)
treeb92bb1ba611cca743c30f5af7f62634024b25f11 /2.6.32
parentUpdate Grsec/PaX (diff)
downloadhardened-patchset-302a3f480b02f5c318d89c1cec47b4fd5910817e.tar.gz
hardened-patchset-302a3f480b02f5c318d89c1cec47b4fd5910817e.tar.bz2
hardened-patchset-302a3f480b02f5c318d89c1cec47b4fd5910817e.zip
Refreshed 2.6.32 patches
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/4425_grsec-pax-without-grsec.patch8
-rw-r--r--2.6.32/4430_grsec-kconfig-default-gids.patch14
-rw-r--r--2.6.32/4440_selinux-avc_audit-log-curr_ip.patch2
3 files changed, 12 insertions, 12 deletions
diff --git a/2.6.32/4425_grsec-pax-without-grsec.patch b/2.6.32/4425_grsec-pax-without-grsec.patch
index 8bf0dc4..89fb166 100644
--- a/2.6.32/4425_grsec-pax-without-grsec.patch
+++ b/2.6.32/4425_grsec-pax-without-grsec.patch
@@ -28,7 +28,7 @@ The original version of this patch contained no credits/description.
}
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -1781,9 +1781,11 @@
+@@ -1786,9 +1786,11 @@
}
up_read(&mm->mmap_sem);
}
@@ -40,7 +40,7 @@ The original version of this patch contained no credits/description.
printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
"PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
-@@ -1798,10 +1800,12 @@
+@@ -1803,10 +1805,12 @@
#ifdef CONFIG_PAX_REFCOUNT
void pax_report_refcount_overflow(struct pt_regs *regs)
{
@@ -53,7 +53,7 @@ The original version of this patch contained no credits/description.
printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
current->comm, task_pid_nr(current), current_uid(), current_euid());
print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
-@@ -1861,10 +1865,12 @@
+@@ -1866,10 +1870,12 @@
void pax_report_leak_to_user(const void *ptr, unsigned long len)
{
@@ -66,7 +66,7 @@ The original version of this patch contained no credits/description.
printk(KERN_ERR "PAX: kernel memory leak attempt detected from %p (%lu bytes)\n", ptr, len);
dump_stack();
do_group_exit(SIGKILL);
-@@ -1872,10 +1878,12 @@
+@@ -1877,10 +1883,12 @@
void pax_report_overflow_from_user(const void *ptr, unsigned long len)
{
diff --git a/2.6.32/4430_grsec-kconfig-default-gids.patch b/2.6.32/4430_grsec-kconfig-default-gids.patch
index a0980b8..31fa9f4 100644
--- a/2.6.32/4430_grsec-kconfig-default-gids.patch
+++ b/2.6.32/4430_grsec-kconfig-default-gids.patch
@@ -11,7 +11,7 @@ from shooting themselves in the foot.
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -403,7 +403,7 @@
+@@ -404,7 +404,7 @@
config GRKERNSEC_PROC_GID
int "GID for special group"
depends on GRKERNSEC_PROC_USERGROUP
@@ -20,7 +20,7 @@ from shooting themselves in the foot.
config GRKERNSEC_PROC_ADD
bool "Additional restrictions"
-@@ -612,7 +612,7 @@
+@@ -613,7 +613,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
@@ -29,7 +29,7 @@ from shooting themselves in the foot.
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -798,7 +798,7 @@
+@@ -799,7 +799,7 @@
config GRKERNSEC_TPE_GID
int "GID for untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -38,7 +38,7 @@ from shooting themselves in the foot.
help
Setting this GID determines what group TPE restrictions will be
*enabled* for. If the sysctl option is enabled, a sysctl option
-@@ -807,7 +807,7 @@
+@@ -808,7 +808,7 @@
config GRKERNSEC_TPE_GID
int "GID for trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -47,7 +47,7 @@ from shooting themselves in the foot.
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -878,7 +878,7 @@
+@@ -879,7 +879,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -56,7 +56,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -899,7 +899,7 @@
+@@ -900,7 +900,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -65,7 +65,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -917,7 +917,7 @@
+@@ -918,7 +918,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
index c4ddec4..0049a17 100644
--- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
@@ -27,7 +27,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -1384,6 +1384,27 @@
+@@ -1385,6 +1385,27 @@
menu "Logging Options"
depends on GRKERNSEC