author: Anthony G. Basile <blueness@gentoo.org> 2011-06-29 10:37:32 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2011-06-29 10:37:43 -0400
commit: 7013e899f6294835d95a1c3e309412c990bad2aa
tree: ea974b12f1218046c7e3c3658ef426f8338b8860 /2.6.39/4437-grsec-kconfig-proc-user.patch
parent: Update Grsec/PaX
Update Grsec/PaX and address bug #366019 20110628
2.2.2-2.6.32.42-201106281648 2.2.2-2.6.39.2-201106281648
Diffstat (limited to '2.6.39/4437-grsec-kconfig-proc-user.patch')
-rw-r--r-- 2.6.39/4437-grsec-kconfig-proc-user.patch | 26
1 files changed, 26 insertions, 0 deletions
diff --git a/2.6.39/4437-grsec-kconfig-proc-user.patch b/2.6.39/4437-grsec-kconfig-proc-user.patch
new file mode 100644
index 0000000..372507c
--- /dev/null
+++ b/2.6.39/4437-grsec-kconfig-proc-user.patch
@@ -0,0 +1,26 @@
+From: Anthony G. Basile <blueness@gentoo.org>
+
+Address the mutually exclusive options GRKERNSEC_PROC_USER and GRKERNSEC_PROC_USERGROUP
+in a different way to avoid bug #366019. This patch should eventually go upstream.
+
+diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400
++++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400
+@@ -670,7 +670,7 @@
+
+ config GRKERNSEC_PROC_USER
+ bool "Restrict /proc to user only"
+- depends on GRKERNSEC_PROC
++ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USERGROUP
+ help
+ If you say Y here, non-root users will only be able to view their own
+ processes, and restricts them from viewing network-related information,
+@@ -678,7 +678,7 @@
+
+ config GRKERNSEC_PROC_USERGROUP
+ bool "Allow special group"
+- depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
++ depends on GRKERNSEC_PROC
+ help
+ If you say Y here, you will be able to select a group that will be
+ able to view all processes and network-related information. If you've
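Review bot: In the first Kconfig hunk, `depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USERGROUP` reverses which option wins, and nothing in the help text or the patch description tells the person configuring the kernel. Before this change, "Allow special group" was hidden once "Restrict /proc to user only" was set. After it, selecting "Allow special group" (defined later in the file, at line 678) hides and disables the user-only option at line 670, which per its help text is the more restrictive of the two. Please add a sentence to the GRKERNSEC_PROC_USER help text saying it is unavailable when the special group option is enabled, and state in the patch description what bug #366019 is and why moving the `!` dependency from one symbol to the other avoids it. Since the two options are described as mutually exclusive, a Kconfig `choice` block would express that directly instead of relying on a one-sided `depends on`. Minor: the `diff -Naur` line names `linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig` while the `---`/`+++` lines use `a/` and `b/` prefixes; make them consistent so the intended strip level is unambiguous.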