blob: de044fb910cd6767a77533d8f73e8b1f3121d8a6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From: Anthony G. Basile <blueness@gentoo.org>
Address the mutually exclusive options GRKERNSEC_PROC_USER and GRKERNSEC_PROC_USERGROUP
in a different way to avoid bug #366019. This patch should eventually go upstream.
diff -Naur linux-2.6.32-hardened-r54.orig//grsecurity/Kconfig linux-2.6.32-hardened-r54/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400
@@ -670,7 +670,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
- depends on GRKERNSEC_PROC
+ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USERGROUP
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
@@ -678,7 +678,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
- depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
+ depends on GRKERNSEC_PROC
help
If you say Y here, you will be able to select a group that will be
able to view all processes and network-related information. If you've
|