Diffstat (limited to '2.6.32/4450_grsec-kconfig-default-gids.patch')
-rw-r--r-- | 2.6.32/4450_grsec-kconfig-default-gids.patch | 43 |
1 files changed, 25 insertions, 18 deletions
diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch index 8c6f609..038bb2e 100644 --- a/2.6.32/4450_grsec-kconfig-default-gids.patch +++ b/2.6.32/4450_grsec-kconfig-default-gids.patch @@ -1,3 +1,7 @@ +From: Anthony G. Basile <blueness@gentoo.org> +Updated patch for the new Kconfig system for >=3.4.4 + +--- From: Kerin Millar <kerframil@gmail.com> grsecurity contains a number of options which allow certain protections @@ -9,19 +13,10 @@ attention to the finer points of kernel configuration, it is probably wise to specify some reasonable defaults so as to stop careless users from shooting themselves in the foot. -diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig ---- a/grsecurity/Kconfig 2011-12-12 15:11:47.000000000 -0500 -+++ b/grsecurity/Kconfig 2011-12-12 15:13:17.000000000 -0500 -@@ -442,7 +442,7 @@ - config GRKERNSEC_PROC_GID - int "GID for special group" - depends on GRKERNSEC_PROC_USERGROUP -- default 1001 -+ default 10 - - config GRKERNSEC_PROC_ADD - bool "Additional restrictions" -@@ -670,7 +670,7 @@ +diff -Nuar a/grsecurity/Kconfig b/Kconfig +--- a/grsecurity/Kconfig 2012-07-01 12:54:58.000000000 -0400 ++++ b/grsecurity/Kconfig 2012-07-01 13:00:04.000000000 -0400 +@@ -519,7 +519,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -30,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -874,7 +874,7 @@ +@@ -734,7 +734,7 @@ config GRKERNSEC_TPE_GID int "GID for untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -39,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -883,7 +883,7 @@ +@@ -743,7 +743,7 @@ config GRKERNSEC_TPE_GID int "GID for trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT 
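Review bot: In the second hunk the rewritten inner header reads `diff -Nuar a/grsecurity/Kconfig b/Kconfig`, which disagrees with the `+++ b/grsecurity/Kconfig` line directly below it. patch(1) normally takes the file name from the `---`/`+++` lines, so this probably still applies, but the header should read `diff -Nuar a/grsecurity/Kconfig b/grsecurity/Kconfig` so that tools and reviewers reading the `diff` line see the right target. Separately, the added preamble says the patch is for the new Kconfig system in >=3.4.4 while this file sits under `2.6.32/`. If the grsecurity patch for that branch still keeps GRKERNSEC_PROC_GID in grsecurity/Kconfig, the relocated hunk will not apply and the default would silently stay at the upstream value, so it is worth confirming against that tree.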
@@ -48,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -956,7 +956,7 @@ +@@ -818,7 +818,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -57,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -977,7 +977,7 @@ +@@ -839,7 +839,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -66,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -995,7 +995,7 @@ +@@ -857,7 +857,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER @@ -75,3 +70,15 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable server socket access for. Remember to add the users you want server socket access disabled for to +diff -Nuar a/security/Kconfig b/security/Kconfig +--- a/security/Kconfig 2012-07-01 12:51:41.000000000 -0400 ++++ b/security/Kconfig 2012-07-01 13:00:23.000000000 -0400 +@@ -186,7 +186,7 @@ + + config GRKERNSEC_PROC_GID + int "GID exempted from /proc restrictions" +- default 1001 ++ default 10 + help + Setting this GID determines which group will be exempted from + grsecurity's /proc restrictions, allowing users of the specified |
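Review bot: The new security/Kconfig hunk at the end sets `default 10` for GRKERNSEC_PROC_GID, but nothing in the patch says which group that number is expected to be. According to the help text visible in the hunk, this GID is the group exempted from grsecurity's /proc restrictions, so on a system where GID 10 is assigned to a different group the exemption goes to the wrong users without any warning. I would add a sentence to the patch preamble along the lines of `GID 10 is assumed to be the administrative group on the target system; verify it in /etc/group before accepting the default.` The other GID defaults this patch sets presumably need the same note, though their values fall outside the context shown here. The help text of this entry continues past the end of the hunk.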