diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2011-10-25 15:52:52 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-10-25 15:52:52 -0400 |
commit | 739c95151ded3bb81a3eabdee283ec649d53b59f (patch) | |
tree | aaf715ae6ceb5472054fcc6949ae97ec8fac0285 /2.6.39/4430_grsec-kconfig-default-gids.patch | |
parent | Add headers (diff) | |
download | hardened-patchset-739c95151ded3bb81a3eabdee283ec649d53b59f.tar.gz hardened-patchset-739c95151ded3bb81a3eabdee283ec649d53b59f.tar.bz2 hardened-patchset-739c95151ded3bb81a3eabdee283ec649d53b59f.zip |
Deprecate 2.6.39experimental
Diffstat (limited to '2.6.39/4430_grsec-kconfig-default-gids.patch')
-rw-r--r-- | 2.6.39/4430_grsec-kconfig-default-gids.patch | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/2.6.39/4430_grsec-kconfig-default-gids.patch b/2.6.39/4430_grsec-kconfig-default-gids.patch deleted file mode 100644 index 8d4ec95..0000000 --- a/2.6.39/4430_grsec-kconfig-default-gids.patch +++ /dev/null @@ -1,77 +0,0 @@ -From: Kerin Millar <kerframil@gmail.com> - -grsecurity contains a number of options which allow certain protections -to be applied to or exempted from members of a given group. However, the -default GIDs specified in the upstream patch are entirely arbitrary and -there is no telling which (if any) groups the GIDs will correlate with -on an end-user's system. Because some users don't pay a great deal of -attention to the finer points of kernel configuration, it is probably -wise to specify some reasonable defaults so as to stop careless users -from shooting themselves in the foot. - -diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig ---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:15:55.000000000 -0400 -+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:37:33.000000000 -0400 -@@ -434,7 +434,7 @@ - config GRKERNSEC_PROC_GID - int "GID for special group" - depends on GRKERNSEC_PROC_USERGROUP -- default 1001 -+ default 10 - - config GRKERNSEC_PROC_ADD - bool "Additional restrictions" -@@ -658,7 +658,7 @@ - config GRKERNSEC_AUDIT_GID - int "GID for auditing" - depends on GRKERNSEC_AUDIT_GROUP -- default 1007 -+ default 100 - - config GRKERNSEC_EXECLOG - bool "Exec logging" -@@ -844,7 +844,7 @@ - config GRKERNSEC_TPE_GID - int "GID for untrusted users" - depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT -- default 1005 -+ default 100 - help - Setting this GID determines what group TPE restrictions will be - *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -853,7 +853,7 @@ - config GRKERNSEC_TPE_GID - int "GID for trusted users" - depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT -- default 1005 -+ default 10 - help - Setting this GID determines what group TPE restrictions will be - *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -924,7 +924,7 @@ - config GRKERNSEC_SOCKET_ALL_GID - int "GID to deny all sockets for" - depends on GRKERNSEC_SOCKET_ALL -- default 1004 -+ default 65534 - help - Here you can choose the GID to disable socket access for. Remember to - add the users you want socket access disabled for to the GID -@@ -945,7 +945,7 @@ - config GRKERNSEC_SOCKET_CLIENT_GID - int "GID to deny client sockets for" - depends on GRKERNSEC_SOCKET_CLIENT -- default 1003 -+ default 65534 - help - Here you can choose the GID to disable client socket access for. - Remember to add the users you want client socket access disabled for to -@@ -963,7 +963,7 @@ - config GRKERNSEC_SOCKET_SERVER_GID - int "GID to deny server sockets for" - depends on GRKERNSEC_SOCKET_SERVER -- default 1002 -+ default 65534 - help - Here you can choose the GID to disable server socket access for. - Remember to add the users you want server socket access disabled for to |