authorAnthony G. Basile <blueness@gentoo.org>2011-10-25 15:52:52 -0400
committerAnthony G. Basile <blueness@gentoo.org>2011-10-25 15:52:52 -0400
commit739c95151ded3bb81a3eabdee283ec649d53b59f (patch)
treeaaf715ae6ceb5472054fcc6949ae97ec8fac0285 /2.6.39/4428_grsec-pax-without-grsec.patch
parentAdd headers (diff)
Deprecate 2.6.39experimental
Diffstat (limited to '2.6.39/4428_grsec-pax-without-grsec.patch')
-rw-r--r--2.6.39/4428_grsec-pax-without-grsec.patch88
1 files changed, 0 insertions, 88 deletions
diff --git a/2.6.39/4428_grsec-pax-without-grsec.patch b/2.6.39/4428_grsec-pax-without-grsec.patch
deleted file mode 100644
index ab11790..0000000
--- a/2.6.39/4428_grsec-pax-without-grsec.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From: Anthony G. Basile <blueness@gentoo.org>
-
-With grsecurity-2.2.2-2.6.32.38-201104171745, the functions pax_report_leak_to_user and
-pax_report_overflow_from_user in fs/exec.c were consolidated into pax_report_usercopy.
-This patch has been updated to reflect that change.
---
-From: Jory Pratt <anarchy@gentoo.org>
-Updated patch for kernel 2.6.32
-
-The credits/description from the original version of this patch remain accurate
-and are included below.
---
-From: Gordon Malm <gengor@gentoo.org>
-
-Allow PaX options to be selected without first selecting CONFIG_GRKERNSEC.
-
-This patch has been updated to keep current with newer kernel versions.
-The original version of this patch contained no credits/description.
-
-diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
---- a/arch/x86/mm/fault.c 2011-04-17 19:05:03.000000000 -0400
-+++ a/arch/x86/mm/fault.c 2011-04-17 19:20:30.000000000 -0400
-@@ -646,10 +646,12 @@
-
- #ifdef CONFIG_PAX_KERNEXEC
- if (init_mm.start_code <= address && address < init_mm.end_code) {
-+#ifdef CONFIG_GRKERNSEC
- if (current->signal->curr_ip)
- printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
- &current->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
- else
-+#endif
- printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
- current->comm, task_pid_nr(current), current_uid(), current_euid());
- }
-diff -Naur a/fs/exec.c b/fs/exec.c
---- a/fs/exec.c 2011-04-17 19:05:03.000000000 -0400
-+++ b/fs/exec.c 2011-04-17 19:20:30.000000000 -0400
-@@ -1845,9 +1845,11 @@
- }
- up_read(&mm->mmap_sem);
- }
-+#ifdef CONFIG_GRKERNSEC
- if (tsk->signal->curr_ip)
- printk(KERN_ERR "PAX: From %pI4: execution attempt in: %s, %08lx-%08lx %08lx\n", &tsk->signal->curr_ip, path_fault, start, end, offset);
- else
-+#endif
- printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
- printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
- "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
-@@ -1862,10 +1864,12 @@
- #ifdef CONFIG_PAX_REFCOUNT
- void pax_report_refcount_overflow(struct pt_regs *regs)
- {
-+#ifdef CONFIG_GRKERNSEC
- if (current->signal->curr_ip)
- printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
- &current->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
- else
-+#endif
- printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
- current->comm, task_pid_nr(current), current_uid(), current_euid());
- print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
-@@ -1925,10 +1929,12 @@
-
- void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
- {
-+#ifdef CONFIG_GRKERNSEC
- if (current->signal->curr_ip)
- printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
- &current->signal->curr_ip, to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
- else
-+#endif
- printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
- to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
- dump_stack();
-diff -Naur a/security/Kconfig b/security/Kconfig
---- a/security/Kconfig 2011-04-17 19:05:03.000000000 -0400
-+++ b/security/Kconfig 2011-04-17 19:20:30.000000000 -0400
-@@ -26,7 +26,7 @@
-
- config PAX
- bool "Enable various PaX features"
-- depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86)
-+ depends on (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86)
- help
- This allows you to enable various PaX features. PaX adds
- intrusion prevention mechanisms to the kernel that reduce