summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2012-05-13 20:30:36 -0400
committerAnthony G. Basile <blueness@gentoo.org>2012-05-13 20:30:36 -0400
commitd61f951df186c6e3d7c2c4950268fd547f876228 (patch)
treedf510161c7f20cb42cf94147f37ad6a944a1d4ed
parentGrsec/PaX: 2.9-{2.6.32.59,3.2.16,3.3.5}-201205071838 (diff)
downloadhardened-patchset-d61f951df186c6e3d7c2c4950268fd547f876228.tar.gz
hardened-patchset-d61f951df186c6e3d7c2c4950268fd547f876228.tar.bz2
hardened-patchset-d61f951df186c6e3d7c2c4950268fd547f876228.zip
Grsec: fix Kconfig patch, add proper constraints
-rw-r--r--3.3.5/4455_grsec-kconfig-gentoo.patch14
1 files changed, 7 insertions, 7 deletions
diff --git a/3.3.5/4455_grsec-kconfig-gentoo.patch b/3.3.5/4455_grsec-kconfig-gentoo.patch
index 1ce4ccf..b9dc3e5 100644
--- a/3.3.5/4455_grsec-kconfig-gentoo.patch
+++ b/3.3.5/4455_grsec-kconfig-gentoo.patch
@@ -77,7 +77,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+ select GRKERNSEC_SYSCTL_ON
+ select PAX
+ select PAX_ASLR
-+ select PAX_RANDKSTACK
++ select PAX_RANDKSTACK if (X86_TSC && X86)
+ select PAX_RANDUSTACK
+ select PAX_RANDMMAP
+ select PAX_NOEXEC
@@ -85,8 +85,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+ select PAX_EI_PAX
+ select PAX_PT_PAX_FLAGS
+ select PAX_HAVE_ACL_FLAGS
-+ select PAX_KERNEXEC
-+ select PAX_MEMORY_UDEREF
++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
+ select PAX_SEGMEXEC if (X86_32)
+ select PAX_PAGEEXEC
+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
@@ -162,7 +162,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+ select GRKERNSEC_SYSCTL_ON
+ select PAX
+ select PAX_ASLR
-+ select PAX_RANDKSTACK
++ select PAX_RANDKSTACK if (X86_TSC && X86)
+ select PAX_RANDUSTACK
+ select PAX_RANDMMAP
+ select PAX_NOEXEC
@@ -170,8 +170,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+ select PAX_EI_PAX
+ select PAX_PT_PAX_FLAGS
+ select PAX_HAVE_ACL_FLAGS
-+ select PAX_KERNEXEC
-+ select PAX_MEMORY_UDEREF
++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
+ select PAX_SEGMEXEC if (X86_32)
+ select PAX_PAGEEXEC
+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
@@ -247,7 +247,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+ select GRKERNSEC_SYSCTL_ON
+ select PAX
+ select PAX_ASLR
-+ select PAX_RANDKSTACK
++ select PAX_RANDKSTACK if (X86_TSC && X86)
+ select PAX_RANDUSTACK
+ select PAX_RANDMMAP
+ select PAX_NOEXEC