diff options
Diffstat (limited to '3.0.8/4430_grsec-kconfig-default-gids.patch')
-rw-r--r-- | 3.0.8/4430_grsec-kconfig-default-gids.patch | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/3.0.8/4430_grsec-kconfig-default-gids.patch b/3.0.8/4430_grsec-kconfig-default-gids.patch deleted file mode 100644 index 6a448bf..0000000 --- a/3.0.8/4430_grsec-kconfig-default-gids.patch +++ /dev/null @@ -1,77 +0,0 @@ -From: Kerin Millar <kerframil@gmail.com> - -grsecurity contains a number of options which allow certain protections -to be applied to or exempted from members of a given group. However, the -default GIDs specified in the upstream patch are entirely arbitrary and -there is no telling which (if any) groups the GIDs will correlate with -on an end-user's system. Because some users don't pay a great deal of -attention to the finer points of kernel configuration, it is probably -wise to specify some reasonable defaults so as to stop careless users -from shooting themselves in the foot. - -diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig ---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:15:55.000000000 -0400 -+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:37:33.000000000 -0400 -@@ -433,7 +433,7 @@ - config GRKERNSEC_PROC_GID - int "GID for special group" - depends on GRKERNSEC_PROC_USERGROUP -- default 1001 -+ default 10 - - config GRKERNSEC_PROC_ADD - bool "Additional restrictions" -@@ -657,7 +657,7 @@ - config GRKERNSEC_AUDIT_GID - int "GID for auditing" - depends on GRKERNSEC_AUDIT_GROUP -- default 1007 -+ default 100 - - config GRKERNSEC_EXECLOG - bool "Exec logging" -@@ -835,7 +835,7 @@ - config GRKERNSEC_TPE_GID - int "GID for untrusted users" - depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT -- default 1005 -+ default 100 - help - Setting this GID determines what group TPE restrictions will be - *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -844,7 +844,7 @@ - config GRKERNSEC_TPE_GID - int "GID for trusted users" - depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT -- default 1005 -+ default 10 - help - Setting this GID determines what group TPE restrictions will be - *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -917,7 +917,7 @@ - config GRKERNSEC_SOCKET_ALL_GID - int "GID to deny all sockets for" - depends on GRKERNSEC_SOCKET_ALL -- default 1004 -+ default 65534 - help - Here you can choose the GID to disable socket access for. Remember to - add the users you want socket access disabled for to the GID -@@ -938,7 +938,7 @@ - config GRKERNSEC_SOCKET_CLIENT_GID - int "GID to deny client sockets for" - depends on GRKERNSEC_SOCKET_CLIENT -- default 1003 -+ default 65534 - help - Here you can choose the GID to disable client socket access for. - Remember to add the users you want client socket access disabled for to -@@ -956,7 +956,7 @@ - config GRKERNSEC_SOCKET_SERVER_GID - int "GID to deny server sockets for" - depends on GRKERNSEC_SOCKET_SERVER -- default 1002 -+ default 65534 - help - Here you can choose the GID to disable server socket access for. - Remember to add the users you want server socket access disabled for to |