summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2011-10-25 15:52:52 -0400
committerAnthony G. Basile <blueness@gentoo.org>2011-10-25 15:52:52 -0400
commit739c95151ded3bb81a3eabdee283ec649d53b59f (patch)
treeaaf715ae6ceb5472054fcc6949ae97ec8fac0285 /2.6.39/4445_disable-compat_vdso.patch
parentAdd headers (diff)
downloadhardened-patchset-experimental.tar.gz
hardened-patchset-experimental.tar.bz2
hardened-patchset-experimental.zip
Deprecate 2.6.39experimental
Diffstat (limited to '2.6.39/4445_disable-compat_vdso.patch')
-rw-r--r--2.6.39/4445_disable-compat_vdso.patch46
1 files changed, 0 insertions, 46 deletions
diff --git a/2.6.39/4445_disable-compat_vdso.patch b/2.6.39/4445_disable-compat_vdso.patch
deleted file mode 100644
index 2195d04..0000000
--- a/2.6.39/4445_disable-compat_vdso.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-No need to wrap vdso calls as gentoo does not use any version of
-glibc <=2.3.3
----
-From: Gordon Malm <gengor@gentoo.org>
-From: Kerin Millar <kerframil@gmail.com>
-From: Jory A. Pratt <anarchy@gentoo.org>
-
-COMPAT_VDSO is inappropriate for any modern Hardened Gentoo system. It
-conflicts with various parts of PaX, crashing the system if enabled
-while PaX's NOEXEC or UDEREF features are active. Moreover, it prevents
-a number of important PaX options from appearing in the configuration
-menu, including all PaX NOEXEC implementations. Unfortunately, the
-reason for the disappearance of these PaX configuration options is
-often far from obvious to inexperienced users.
-
-Therefore, we disable the COMPAT_VDSO menu entry entirely. However,
-COMPAT_VDSO operation can still be enabled via bootparam and sysctl
-interfaces. Consequently, we must also disable the ability to select
-COMPAT_VDSO operation at boot or runtime. Here we patch the kernel so
-that selecting COMPAT_VDSO operation at boot/runtime has no effect if
-conflicting PaX options are enabled, leaving VDSO_ENABLED operation
-intact.
-
-Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
-
-diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
---- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
-+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1642,17 +1642,8 @@
-
- config COMPAT_VDSO
- def_bool n
-- prompt "Compat VDSO support"
- depends on X86_32 || IA32_EMULATION
- depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF
-- ---help---
-- Map the 32-bit VDSO to the predictable old-style address too.
--
-- Say N here if you are running a sufficiently recent glibc
-- version (2.3.3 or later), to remove the high-mapped
-- VDSO mapping and to exclusively use the randomized VDSO.
--
-- If unsure, say Y.
-
- config CMDLINE_BOOL
- bool "Built-in kernel command line"