authorAnthony G. Basile <blueness@gentoo.org>2011-11-27 20:39:44 -0500
committerAnthony G. Basile <blueness@gentoo.org>2011-11-27 20:39:44 -0500
commit5db15ffa1575115b4d74bdc68ebaac3cc977ea84 (patch)
tree95a17b9fa159d1f6472a92314015e73af51d7d69 /3.1.3/4437-grsec-kconfig-proc-user.patch
parentGrsec/PaX: 2.2.2-{2.6.32.48,3.1.1}-201111201943 (diff)
Grsec/PaX: 2.2.2-{2.6.32.49,3.1.3}-201111262001.patch20111126
Diffstat (limited to '3.1.3/4437-grsec-kconfig-proc-user.patch')
-rw-r--r--3.1.3/4437-grsec-kconfig-proc-user.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/3.1.3/4437-grsec-kconfig-proc-user.patch b/3.1.3/4437-grsec-kconfig-proc-user.patch
new file mode 100644
index 0000000..c588683
--- /dev/null
+++ b/3.1.3/4437-grsec-kconfig-proc-user.patch
@@ -0,0 +1,26 @@
+From: Anthony G. Basile <blueness@gentoo.org>
+
+Address the mutually exclusive options GRKERNSEC_PROC_USER and GRKERNSEC_PROC_USERGROUP
+in a different way to avoid bug #366019. This patch should eventually go upstream.
+
+diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400
++++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400
+@@ -666,7 +666,7 @@
+
+ config GRKERNSEC_PROC_USER
+ bool "Restrict /proc to user only"
+- depends on GRKERNSEC_PROC
++ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USERGROUP
+ help
+ If you say Y here, non-root users will only be able to view their own
+ processes, and restricts them from viewing network-related information,
+@@ -674,7 +674,7 @@
+
+ config GRKERNSEC_PROC_USERGROUP
+ bool "Allow special group"
+- depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
++ depends on GRKERNSEC_PROC
+ help
+ If you say Y here, you will be able to select a group that will be
+ able to view all processes and network-related information. If you've
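Review bot: Moving the negated dependency from GRKERNSEC_PROC_USERGROUP to GRKERNSEC_PROC_USER reverses which option wins, and neither the patch description nor the help texts say so. With `depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USERGROUP` on the user-only entry, answering Y to "Allow special group" should, by Kconfig semantics, hide GRKERNSEC_PROC_USER and force it to n, so a configuration that previously restricted /proc to the owning user can end up with the less restrictive group-based view after an oldconfig run. I would add a line to the GRKERNSEC_PROC_USER help such as `This option is unavailable while GRKERNSEC_PROC_USERGROUP is enabled.`, or express the two entries as a Kconfig `choice` so the exclusion has no hidden precedence. The embedded diff header still names `linux-2.6.39-hardened-r4` while the file lives under `3.1.3/`, so it is worth confirming the `@@ -666,7` and `@@ -674,7` offsets apply cleanly to that tree. Both config entries continue past the end of the embedded hunks, so the rest of their help text is not visible here.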