diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2011-12-26 15:16:28 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2011-12-26 15:16:28 -0500 |
| commit | f18573fca9f346534cbf7aac07390f1e9c540ac9 (patch) | |
| tree | 2552fb66d9839389e2b10a64b944f3d2faf001ad | |
| parent | Added predefined selections for GRKERNSEC_HARDENED_{SERVER,WORKSTATION,VIRTUA... (diff) | |
| download | hardened-patchset-f18573fca9f346534cbf7aac07390f1e9c540ac9.tar.gz hardened-patchset-f18573fca9f346534cbf7aac07390f1e9c540ac9.tar.bz2 hardened-patchset-f18573fca9f346534cbf7aac07390f1e9c540ac9.zip | |
PAX_ELFRELOCS: do not force on for x8620111222
| -rw-r--r-- | 2.6.32/4435_grsec-kconfig-gentoo.patch | 8 | ||||
| -rw-r--r-- | 2.6.32/4437-grsec-kconfig-proc-user.patch | 4 | ||||
| -rw-r--r-- | 2.6.32/4440_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
| -rw-r--r-- | 3.1.6/4435_grsec-kconfig-gentoo.patch | 8 | ||||
| -rw-r--r-- | 3.1.6/4437-grsec-kconfig-proc-user.patch | 4 | ||||
| -rw-r--r-- | 3.1.6/4440_selinux-avc_audit-log-curr_ip.patch | 2 |
6 files changed, 8 insertions, 20 deletions
diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4435_grsec-kconfig-gentoo.patch index 8257202..5f4693e 100644 --- a/2.6.32/4435_grsec-kconfig-gentoo.patch +++ b/2.6.32/4435_grsec-kconfig-gentoo.patch @@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_LOW bool "Low" -@@ -190,6 +190,267 @@ +@@ -190,6 +190,261 @@ - Restricted sysfs/debugfs - Active kernel exploit response @@ -91,8 +91,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select PAX_EMUPLT if (ALPHA || PARISC || SPARC) + select PAX_EMUTRAMP if (PARISC) + select PAX_EMUSIGRT if (PARISC) -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) + select PAX_MEMORY_SANITIZE @@ -178,8 +176,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select PAX_EMUPLT if (ALPHA || PARISC || SPARC) + select PAX_EMUTRAMP if (PARISC) + select PAX_EMUSIGRT if (PARISC) -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) + select PAX_MEMORY_SANITIZE @@ -263,8 +259,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select PAX_EMUPLT if (ALPHA || PARISC || SPARC) + select PAX_EMUTRAMP if (PARISC) + select PAX_EMUSIGRT if (PARISC) -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) + select PAX_MEMORY_SANITIZE diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4437-grsec-kconfig-proc-user.patch index 1e181f3..ca88ef7 100644 --- a/2.6.32/4437-grsec-kconfig-proc-user.patch +++ b/2.6.32/4437-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400 -@@ -673,7 +673,7 @@ +@@ -667,7 +667,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -681,7 +681,7 @@ +@@ -675,7 +675,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch index 8a6daac..34c78d5 100644 --- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400 -@@ -1272,6 +1272,27 @@ +@@ -1266,6 +1266,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.1.6/4435_grsec-kconfig-gentoo.patch b/3.1.6/4435_grsec-kconfig-gentoo.patch index bec600b..90b1ec9 100644 --- a/3.1.6/4435_grsec-kconfig-gentoo.patch +++ b/3.1.6/4435_grsec-kconfig-gentoo.patch @@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_LOW bool "Low" -@@ -191,6 +191,267 @@ +@@ -191,6 +191,261 @@ - Restricted sysfs/debugfs - Active kernel exploit response @@ -91,8 +91,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select PAX_EMUPLT if (ALPHA || PARISC || SPARC) + select PAX_EMUTRAMP if (PARISC) + select PAX_EMUSIGRT if (PARISC) -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) + select PAX_MEMORY_SANITIZE @@ -178,8 +176,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select PAX_EMUPLT if (ALPHA || PARISC || SPARC) + select PAX_EMUTRAMP if (PARISC) + select PAX_EMUSIGRT if (PARISC) -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) + select PAX_MEMORY_SANITIZE @@ -263,8 +259,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select PAX_EMUPLT if (ALPHA || PARISC || SPARC) + select PAX_EMUTRAMP if (PARISC) + select PAX_EMUSIGRT if (PARISC) -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) + select PAX_MEMORY_SANITIZE diff --git a/3.1.6/4437-grsec-kconfig-proc-user.patch b/3.1.6/4437-grsec-kconfig-proc-user.patch index 4c9550b..4e5acda 100644 --- a/3.1.6/4437-grsec-kconfig-proc-user.patch +++ b/3.1.6/4437-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400 -@@ -675,7 +675,7 @@ +@@ -669,7 +669,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-harden help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -683,7 +683,7 @@ +@@ -677,7 +677,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/3.1.6/4440_selinux-avc_audit-log-curr_ip.patch b/3.1.6/4440_selinux-avc_audit-log-curr_ip.patch index 4bce851..b7bcddb 100644 --- a/3.1.6/4440_selinux-avc_audit-log-curr_ip.patch +++ b/3.1.6/4440_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig --- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ linux-2.6.38-hardened-r1/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1287,6 +1287,27 @@ +@@ -1281,6 +1281,27 @@ menu "Logging Options" depends on GRKERNSEC |