Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/3.0.8/4430_grsec-kconfig-default-gids.patch
diff options
context:
space:
mode:
Diffstat (limited to '3.0.8/4430_grsec-kconfig-default-gids.patch')
-rw-r--r--3.0.8/4430_grsec-kconfig-default-gids.patch77
1 files changed, 0 insertions, 77 deletions
diff --git a/3.0.8/4430_grsec-kconfig-default-gids.patch b/3.0.8/4430_grsec-kconfig-default-gids.patch
deleted file mode 100644
index 6a448bf..0000000
--- a/3.0.8/4430_grsec-kconfig-default-gids.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From: Kerin Millar <kerframil@gmail.com>
-
-grsecurity contains a number of options which allow certain protections
-to be applied to or exempted from members of a given group. However, the
-default GIDs specified in the upstream patch are entirely arbitrary and
-there is no telling which (if any) groups the GIDs will correlate with
-on an end-user's system. Because some users don't pay a great deal of
-attention to the finer points of kernel configuration, it is probably
-wise to specify some reasonable defaults so as to stop careless users
-from shooting themselves in the foot.
-
-diff -Naur linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig linux-2.6.32-hardened-r44/grsecurity/Kconfig
---- linux-2.6.32-hardened-r44.orig/grsecurity/Kconfig 2011-04-17 18:15:55.000000000 -0400
-+++ linux-2.6.32-hardened-r44/grsecurity/Kconfig 2011-04-17 18:37:33.000000000 -0400
-@@ -433,7 +433,7 @@
- config GRKERNSEC_PROC_GID
- int "GID for special group"
- depends on GRKERNSEC_PROC_USERGROUP
-- default 1001
-+ default 10
-
- config GRKERNSEC_PROC_ADD
- bool "Additional restrictions"
-@@ -657,7 +657,7 @@
- config GRKERNSEC_AUDIT_GID
- int "GID for auditing"
- depends on GRKERNSEC_AUDIT_GROUP
-- default 1007
-+ default 100
-
- config GRKERNSEC_EXECLOG
- bool "Exec logging"
-@@ -835,7 +835,7 @@
- config GRKERNSEC_TPE_GID
- int "GID for untrusted users"
- depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
-- default 1005
-+ default 100
- help
- Setting this GID determines what group TPE restrictions will be
- *enabled* for. If the sysctl option is enabled, a sysctl option
-@@ -844,7 +844,7 @@
- config GRKERNSEC_TPE_GID
- int "GID for trusted users"
- depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
-- default 1005
-+ default 10
- help
- Setting this GID determines what group TPE restrictions will be
- *disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -917,7 +917,7 @@
- config GRKERNSEC_SOCKET_ALL_GID
- int "GID to deny all sockets for"
- depends on GRKERNSEC_SOCKET_ALL
-- default 1004
-+ default 65534
- help
- Here you can choose the GID to disable socket access for. Remember to
- add the users you want socket access disabled for to the GID
-@@ -938,7 +938,7 @@
- config GRKERNSEC_SOCKET_CLIENT_GID
- int "GID to deny client sockets for"
- depends on GRKERNSEC_SOCKET_CLIENT
-- default 1003
-+ default 65534
- help
- Here you can choose the GID to disable client socket access for.
- Remember to add the users you want client socket access disabled for to
-@@ -956,7 +956,7 @@
- config GRKERNSEC_SOCKET_SERVER_GID
- int "GID to deny server sockets for"
- depends on GRKERNSEC_SOCKET_SERVER
-- default 1002
-+ default 65534
- help
- Here you can choose the GID to disable server socket access for.
- Remember to add the users you want server socket access disabled for to