Diffstat (limited to '2.6.32/4450_grsec-kconfig-default-gids.patch')
-rw-r--r--2.6.32/4450_grsec-kconfig-default-gids.patch43
1 files changed, 25 insertions, 18 deletions
diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch
index 8c6f609..038bb2e 100644
--- a/2.6.32/4450_grsec-kconfig-default-gids.patch
+++ b/2.6.32/4450_grsec-kconfig-default-gids.patch
@@ -1,3 +1,7 @@
+From: Anthony G. Basile <blueness@gentoo.org>
+Updated patch for the new Kconfig system for >=3.4.4
+
+---
From: Kerin Millar <kerframil@gmail.com>
grsecurity contains a number of options which allow certain protections
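Review bot: The added header line `Updated patch for the new Kconfig system for >=3.4.4` names a 3.x kernel version, but this copy of the patch lives under `2.6.32/`, so the header does not say which tree it is meant to apply to. Someone checking whether these GID defaults are really in effect on the 2.6.32 series has nothing to go on. Consider stating the target explicitly, for example `Updated for the split grsecurity/Kconfig + security/Kconfig layout used by this tree`. If the text was carried over from another series' patch, which is only an inference from the path, the version reference should be dropped.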
@@ -9,19 +13,10 @@ attention to the finer points of kernel configuration, it is probably
wise to specify some reasonable defaults so as to stop careless users
from shooting themselves in the foot.
-diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
---- a/grsecurity/Kconfig 2011-12-12 15:11:47.000000000 -0500
-+++ b/grsecurity/Kconfig 2011-12-12 15:13:17.000000000 -0500
-@@ -442,7 +442,7 @@
- config GRKERNSEC_PROC_GID
- int "GID for special group"
- depends on GRKERNSEC_PROC_USERGROUP
-- default 1001
-+ default 10
-
- config GRKERNSEC_PROC_ADD
- bool "Additional restrictions"
-@@ -670,7 +670,7 @@
+diff -Nuar a/grsecurity/Kconfig b/Kconfig
+--- a/grsecurity/Kconfig 2012-07-01 12:54:58.000000000 -0400
++++ b/grsecurity/Kconfig 2012-07-01 13:00:04.000000000 -0400
+@@ -519,7 +519,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
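Review bot: The new `diff -Nuar a/grsecurity/Kconfig b/Kconfig` line names `b/Kconfig`, while the `+++` line just below it names `b/grsecurity/Kconfig`. Tools that take the file name from the `---`/`+++` pair will probably still patch the right file. The mismatch is still easy to misread when auditing which Kconfig carries which default, and anything that reads the `diff` line would look at the wrong path. Suggest `diff -Nuar a/grsecurity/Kconfig b/grsecurity/Kconfig`.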
@@ -30,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -874,7 +874,7 @@
+@@ -734,7 +734,7 @@
config GRKERNSEC_TPE_GID
int "GID for untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -39,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*enabled* for. If the sysctl option is enabled, a sysctl option
-@@ -883,7 +883,7 @@
+@@ -743,7 +743,7 @@
config GRKERNSEC_TPE_GID
int "GID for trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -48,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -956,7 +956,7 @@
+@@ -818,7 +818,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -57,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -977,7 +977,7 @@
+@@ -839,7 +839,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -66,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -995,7 +995,7 @@
+@@ -857,7 +857,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
@@ -75,3 +70,15 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable server socket access for.
Remember to add the users you want server socket access disabled for to
+diff -Nuar a/security/Kconfig b/security/Kconfig
+--- a/security/Kconfig 2012-07-01 12:51:41.000000000 -0400
++++ b/security/Kconfig 2012-07-01 13:00:23.000000000 -0400
+@@ -186,7 +186,7 @@
+
+ config GRKERNSEC_PROC_GID
+ int "GID exempted from /proc restrictions"
+- default 1001
++ default 10
+ help
+ Setting this GID determines which group will be exempted from
+ grsecurity's /proc restrictions, allowing users of the specified
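Review bot: The relocated GRKERNSEC_PROC_GID hunk sets the group exempted from /proc restrictions to GID 10, and the new context shows no `depends on GRKERNSEC_PROC_USERGROUP` line, which the removed grsecurity/Kconfig version had. The default may therefore land in more configurations than before, though the full entry is not visible here. Numeric GIDs are not portable: whichever group owns GID 10 on the target system gains visibility into other users' processes. The patch header should name the group each default is meant to map to, for example `GRKERNSEC_PROC_GID=10 is intended to be the wheel group; verify with getent group 10`, assuming wheel is the intended mapping. The option's help text continues past the end of this hunk.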