diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2011-04-17 19:42:50 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2011-04-17 19:42:50 -0400 |
| commit | f5b7964481b9a645121af08af017ff2df982bb70 (patch) | |
| tree | 3f0a14485ca225a8747469de7d53191cb40fa442 /2.6.38/4435_grsec-kconfig-gentoo.patch | |
| parent | Update Grsec/PaX (diff) | |
| download | hardened-patchset-f5b7964481b9a645121af08af017ff2df982bb70.tar.gz hardened-patchset-f5b7964481b9a645121af08af017ff2df982bb70.tar.bz2 hardened-patchset-f5b7964481b9a645121af08af017ff2df982bb70.zip | |
Update Grsec/PaX20110416
2.2.2-2.6.32.36-201104161725
2.2.2-2.6.38.2-201104161725
Diffstat (limited to '2.6.38/4435_grsec-kconfig-gentoo.patch')
| -rw-r--r-- | 2.6.38/4435_grsec-kconfig-gentoo.patch | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/2.6.38/4435_grsec-kconfig-gentoo.patch b/2.6.38/4435_grsec-kconfig-gentoo.patch index 50df198..1c44210 100644 --- a/2.6.38/4435_grsec-kconfig-gentoo.patch +++ b/2.6.38/4435_grsec-kconfig-gentoo.patch @@ -15,9 +15,9 @@ and conflicts with some software and thus would be less suitable. The original version of this patch was conceived and created by: Ned Ludd <solar@gentoo.org> -diff -Naur linux-2.6.37-hardened-r2.orig/grsecurity/Kconfig linux-2.6.37-hardened-r2/grsecurity/Kconfig ---- linux-2.6.37-hardened-r2.orig/grsecurity/Kconfig 2011-02-21 11:47:15.000000000 -0500 -+++ linux-2.6.37-hardened-r2/grsecurity/Kconfig 2011-02-21 11:48:08.000000000 -0500 +diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig +--- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 ++++ linux-2.6.38-hardened-r1/grsecurity/Kconfig 2011-04-17 19:27:46.000000000 -0400 @@ -18,7 +18,7 @@ choice prompt "Security Level" @@ -27,9 +27,9 @@ diff -Naur linux-2.6.37-hardened-r2.orig/grsecurity/Kconfig linux-2.6.37-hardene config GRKERNSEC_LOW bool "Low" -@@ -193,6 +193,261 @@ - - Ptrace restrictions - - Restricted vm86 mode +@@ -195,6 +195,261 @@ + - Restricted sysfs/debugfs + - Active kernel exploit response +config GRKERNSEC_HARDENED_SERVER + bool "Hardened Gentoo [server]" @@ -289,10 +289,10 @@ diff -Naur linux-2.6.37-hardened-r2.orig/grsecurity/Kconfig linux-2.6.37-hardene config GRKERNSEC_CUSTOM bool "Custom" help -diff -Naur linux-2.6.37-hardened-r2.orig/security/Kconfig linux-2.6.37-hardened-r2/security/Kconfig ---- linux-2.6.37-hardened-r2.orig/security/Kconfig 2011-02-21 11:46:40.000000000 -0500 -+++ linux-2.6.37-hardened-r2/security/Kconfig 2011-02-21 11:53:42.000000000 -0500 -@@ -324,8 +324,9 @@ +diff -Naur linux-2.6.38-hardened-r1.orig/security/Kconfig linux-2.6.38-hardened-r1/security/Kconfig +--- linux-2.6.38-hardened-r1.orig/security/Kconfig 2011-04-17 19:25:02.000000000 -0400 ++++ linux-2.6.38-hardened-r1/security/Kconfig 2011-04-17 19:27:46.000000000 -0400 +@@ -319,8 +319,9 @@ config PAX_KERNEXEC bool "Enforce non-executable kernel pages" @@ -303,7 +303,7 @@ diff -Naur linux-2.6.37-hardened-r2.orig/security/Kconfig linux-2.6.37-hardened- help This is the kernel land equivalent of PAGEEXEC and MPROTECT, that is, enabling this option will make it harder to inject -@@ -461,8 +462,9 @@ +@@ -456,8 +457,9 @@ config PAX_MEMORY_UDEREF bool "Prevent invalid userland pointer dereference" |