From 739c95151ded3bb81a3eabdee283ec649d53b59f Mon Sep 17 00:00:00 2001 From: "Anthony G. Basile" Date: Tue, 25 Oct 2011 15:52:52 -0400 Subject: Deprecate 2.6.39 --- 2.6.39/4428_grsec-pax-without-grsec.patch | 88 ------------------------------- 1 file changed, 88 deletions(-) delete mode 100644 2.6.39/4428_grsec-pax-without-grsec.patch (limited to '2.6.39/4428_grsec-pax-without-grsec.patch') diff --git a/2.6.39/4428_grsec-pax-without-grsec.patch b/2.6.39/4428_grsec-pax-without-grsec.patch deleted file mode 100644 index ab11790..0000000 --- a/2.6.39/4428_grsec-pax-without-grsec.patch +++ /dev/null @@ -1,88 +0,0 @@ -From: Anthony G. Basile - -With grsecurity-2.2.2-2.6.32.38-201104171745, the functions pax_report_leak_to_user and -pax_report_overflow_from_user in fs/exec.c were consolidated into pax_report_usercopy. -This patch has been updated to reflect that change. --- -From: Jory Pratt -Updated patch for kernel 2.6.32 - -The credits/description from the original version of this patch remain accurate -and are included below. --- -From: Gordon Malm - -Allow PaX options to be selected without first selecting CONFIG_GRKERNSEC. - -This patch has been updated to keep current with newer kernel versions. -The original version of this patch contained no credits/description. - -diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c ---- a/arch/x86/mm/fault.c 2011-04-17 19:05:03.000000000 -0400 -+++ a/arch/x86/mm/fault.c 2011-04-17 19:20:30.000000000 -0400 -@@ -646,10 +646,12 @@ - - #ifdef CONFIG_PAX_KERNEXEC - if (init_mm.start_code <= address && address < init_mm.end_code) { -+#ifdef CONFIG_GRKERNSEC - if (current->signal->curr_ip) - printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", - ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); - else -+#endif - printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", - current->comm, task_pid_nr(current), current_uid(), current_euid()); - } -diff -Naur a/fs/exec.c b/fs/exec.c ---- a/fs/exec.c 2011-04-17 19:05:03.000000000 -0400 -+++ b/fs/exec.c 2011-04-17 19:20:30.000000000 -0400 -@@ -1845,9 +1845,11 @@ - } - up_read(&mm->mmap_sem); - } -+#ifdef CONFIG_GRKERNSEC - if (tsk->signal->curr_ip) - printk(KERN_ERR "PAX: From %pI4: execution attempt in: %s, %08lx-%08lx %08lx\n", &tsk->signal->curr_ip, path_fault, start, end, offset); - else -+#endif - printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset); - printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, " - "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk), -@@ -1862,10 +1864,12 @@ - #ifdef CONFIG_PAX_REFCOUNT - void pax_report_refcount_overflow(struct pt_regs *regs) - { -+#ifdef CONFIG_GRKERNSEC - if (current->signal->curr_ip) - printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", - ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); - else -+#endif - printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", - current->comm, task_pid_nr(current), current_uid(), current_euid()); - print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); -@@ -1925,10 +1929,12 @@ - - void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) - { -+#ifdef CONFIG_GRKERNSEC - if (current->signal->curr_ip) - printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", - ¤t->signal->curr_ip, to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len); - else -+#endif - printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", - to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len); - dump_stack(); -diff -Naur a/security/Kconfig b/security/Kconfig ---- a/security/Kconfig 2011-04-17 19:05:03.000000000 -0400 -+++ b/security/Kconfig 2011-04-17 19:20:30.000000000 -0400 -@@ -26,7 +26,7 @@ - - config PAX - bool "Enable various PaX features" -- depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86) -+ depends on (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86) - help - This allows you to enable various PaX features. PaX adds - intrusion prevention mechanisms to the kernel that reduce -- cgit v1.2.3-65-gdbad