summaryrefslogtreecommitdiff
blob: c5886833e24186270ff23e925c7c6fa028a06f5f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
From: Anthony G. Basile <blueness@gentoo.org>

Address the mutually exclusive options GRKERNSEC_PROC_USER and GRKERNSEC_PROC_USERGROUP
in a different way to avoid bug #366019.  This patch should eventually go upstream.

diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig
--- a/grsecurity/Kconfig	2011-06-29 10:02:56.000000000 -0400
+++ b/grsecurity/Kconfig	2011-06-29 10:08:07.000000000 -0400
@@ -666,7 +666,7 @@
 
 config GRKERNSEC_PROC_USER
 	bool "Restrict /proc to user only"
-	depends on GRKERNSEC_PROC
+	depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USERGROUP
 	help
 	  If you say Y here, non-root users will only be able to view their own
 	  processes, and restricts them from viewing network-related information,
@@ -674,7 +674,7 @@
 
 config GRKERNSEC_PROC_USERGROUP
 	bool "Allow special group"
-	depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
+	depends on GRKERNSEC_PROC
 	help
 	  If you say Y here, you will be able to select a group that will be
           able to view all processes and network-related information.  If you've