authorAnthony G. Basile <basile@opensource.dyc.edu>2010-12-12 05:30:38 -0500
committerAnthony G. Basile <basile@opensource.dyc.edu>2010-12-12 05:30:38 -0500
commit91e15dcc70f06802f3c158a6b0b543ee2e3e02f4 (patch)
tree73e20c246d8e2d44817edf6fce41a85e42050eb4
parentRefreshed 2.6.32 patches (diff)
Refreshed 2.6.36 patches20101210
-rw-r--r--2.6.36/4425_grsec-pax-without-grsec.patch8
-rw-r--r--2.6.36/4430_grsec-kconfig-default-gids.patch14
-rw-r--r--2.6.36/4440_selinux-avc_audit-log-curr_ip.patch2
3 files changed, 12 insertions, 12 deletions
diff --git a/2.6.36/4425_grsec-pax-without-grsec.patch b/2.6.36/4425_grsec-pax-without-grsec.patch
index 9c2d11d..cd327bd 100644
--- a/2.6.36/4425_grsec-pax-without-grsec.patch
+++ b/2.6.36/4425_grsec-pax-without-grsec.patch
@@ -28,7 +28,7 @@ The original version of this patch contained no credits/description.
}
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -1805,9 +1805,11 @@
+@@ -1806,9 +1806,11 @@
}
up_read(&mm->mmap_sem);
}
@@ -40,7 +40,7 @@ The original version of this patch contained no credits/description.
printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
"PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
-@@ -1822,10 +1824,12 @@
+@@ -1823,10 +1825,12 @@
#ifdef CONFIG_PAX_REFCOUNT
void pax_report_refcount_overflow(struct pt_regs *regs)
{
@@ -53,7 +53,7 @@ The original version of this patch contained no credits/description.
printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
current->comm, task_pid_nr(current), current_uid(), current_euid());
print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
-@@ -1885,10 +1889,12 @@
+@@ -1886,10 +1890,12 @@
void pax_report_leak_to_user(const void *ptr, unsigned long len)
{
@@ -66,7 +66,7 @@ The original version of this patch contained no credits/description.
printk(KERN_ERR "PAX: kernel memory leak attempt detected from %p (%lu bytes)\n", ptr, len);
dump_stack();
do_group_exit(SIGKILL);
-@@ -1896,10 +1902,12 @@
+@@ -1897,10 +1903,12 @@
void pax_report_overflow_from_user(const void *ptr, unsigned long len)
{
diff --git a/2.6.36/4430_grsec-kconfig-default-gids.patch b/2.6.36/4430_grsec-kconfig-default-gids.patch
index a0980b8..31fa9f4 100644
--- a/2.6.36/4430_grsec-kconfig-default-gids.patch
+++ b/2.6.36/4430_grsec-kconfig-default-gids.patch
@@ -11,7 +11,7 @@ from shooting themselves in the foot.
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -403,7 +403,7 @@
+@@ -404,7 +404,7 @@
config GRKERNSEC_PROC_GID
int "GID for special group"
depends on GRKERNSEC_PROC_USERGROUP
@@ -20,7 +20,7 @@ from shooting themselves in the foot.
config GRKERNSEC_PROC_ADD
bool "Additional restrictions"
-@@ -612,7 +612,7 @@
+@@ -613,7 +613,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
@@ -29,7 +29,7 @@ from shooting themselves in the foot.
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -798,7 +798,7 @@
+@@ -799,7 +799,7 @@
config GRKERNSEC_TPE_GID
int "GID for untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -38,7 +38,7 @@ from shooting themselves in the foot.
help
Setting this GID determines what group TPE restrictions will be
*enabled* for. If the sysctl option is enabled, a sysctl option
-@@ -807,7 +807,7 @@
+@@ -808,7 +808,7 @@
config GRKERNSEC_TPE_GID
int "GID for trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -47,7 +47,7 @@ from shooting themselves in the foot.
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -878,7 +878,7 @@
+@@ -879,7 +879,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -56,7 +56,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -899,7 +899,7 @@
+@@ -900,7 +900,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -65,7 +65,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -917,7 +917,7 @@
+@@ -918,7 +918,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/2.6.36/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.36/4440_selinux-avc_audit-log-curr_ip.patch
index a5e0520..e8b9c36 100644
--- a/2.6.36/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.36/4440_selinux-avc_audit-log-curr_ip.patch
@@ -27,7 +27,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -1384,6 +1384,27 @@
+@@ -1385,6 +1385,27 @@
menu "Logging Options"
depends on GRKERNSEC