1 |
Brian A. Davis wrote: |
2 |
> emerge brought into 3.0.24. Now I'm hosed :(. |
3 |
> |
4 |
> Anyone else seeing this: |
5 |
> |
6 |
> smbd: stack smashing attack in function open_sockets_smbd() |
7 |
> |
8 |
> Thanks, |
9 |
> Brian |
10 |
> |
11 |
> |
12 |
> |
13 |
> |
14 |
|
15 |
No problems here. Did you file a bug with various emerge --info and |
16 |
whatnot? Here's some of my info just for comparison. No grsec policies |
17 |
defined yet. |
18 |
|
19 |
|
20 |
# emerge --info && emerge -pv samba |
21 |
Portage 2.1.2-r9 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, |
22 |
2.6.17-hardened-r1 i686) |
23 |
================================================================= |
24 |
System uname: 2.6.17-hardened-r1 i686 Intel(R) Xeon(TM) CPU 3.00GHz |
25 |
Gentoo Base System release 1.12.9 |
26 |
Timestamp of tree: Tue, 13 Mar 2007 06:00:01 +0000 |
27 |
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) |
28 |
[enabled] |
29 |
ccache version 2.4 [enabled] |
30 |
dev-lang/python: 2.4.3-r4 |
31 |
dev-python/pycrypto: 2.0.1-r5 |
32 |
dev-util/ccache: 2.4-r6 |
33 |
sys-apps/sandbox: 1.2.17 |
34 |
sys-devel/autoconf: 2.13, 2.60 |
35 |
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 |
36 |
sys-devel/binutils: 2.16.1-r3 |
37 |
sys-devel/gcc-config: 1.3.14 |
38 |
sys-devel/libtool: 1.5.22 |
39 |
virtual/os-headers: 2.6.17-r2 |
40 |
ACCEPT_KEYWORDS="x86" |
41 |
AUTOCLEAN="yes" |
42 |
CBUILD="i686-pc-linux-gnu" |
43 |
CFLAGS="-march=pentium4 -O2 -pipe -fforce-addr" |
44 |
CHOST="i686-pc-linux-gnu" |
45 |
CONFIG_PROTECT="/etc" |
46 |
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/hotplug /etc/hotplug.d |
47 |
/etc/init.d /etc/revdep-rebuild /etc/terminfo /etc/udev" |
48 |
CXXFLAGS="-march=pentium4 -O2 -pipe -fforce-addr" |
49 |
DISTDIR="/usr/portage/distfiles" |
50 |
FEATURES="autoconfig buildpkg ccache collision-protect distcc distlocks |
51 |
metadata-transfer parallel-fetch sandbox sfperms strict userfetch" |
52 |
GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo/ |
53 |
ftp://gentoo.chem.wisc.edu/gentoo/ http://gentoo.mirrors.tds.net/gentoo |
54 |
ftp://gentoo.mirrors.tds.net/gentoo http://gentoo.osuosl.org/ |
55 |
ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ |
56 |
http://distro.ibiblio.org/pub/linux/distributions/gentoo/ |
57 |
http://distfiles.gentoo.org" |
58 |
MAKEOPTS="-j5" |
59 |
PKGDIR="/mnt/build/packages" |
60 |
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times |
61 |
--compress --force --whole-file --delete --delete-after --stats |
62 |
--timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" |
63 |
PORTAGE_TMPDIR="/var/tmp" |
64 |
PORTDIR="/mnt/build/portage" |
65 |
PORTDIR_OVERLAY="/mnt/build/portage-local" |
66 |
SYNC="rsync://tux-mc.hslc.wisc.edu/gentoo-portage" |
67 |
USE="acl acpi apache2 bash-completion berkdb bzip2 caps chroot cracklib |
68 |
crypt erandom fam gmp gpm hardened jpeg lm_sensors logrotate maildir mmx |
69 |
ncurses nls nptl pam pcre perl pic png python readline smp snmp sse sse2 |
70 |
ssl syslog tcpd threads vhosts x86 xattr xml xpm" |
71 |
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug |
72 |
file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null |
73 |
plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse |
74 |
keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk |
75 |
hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" |
76 |
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, |
77 |
LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, |
78 |
PORTAGE_RSYNC_EXTRA_OPTS |
79 |
|
80 |
|
81 |
These are the packages that would be merged, in order: |
82 |
|
83 |
Calculating dependencies... done! |
84 |
[ebuild R ] net-fs/samba-3.0.24 USE="acl caps%* fam pam python |
85 |
readline syslog -async -automount -cups -doc -examples -kerberos -ldap |
86 |
-oav -quotas (-selinux) -swat -winbind" LINGUAS="-ja -pl" 0 kB |
87 |
|
88 |
Total: 1 package (1 reinstall), Size of downloads: 0 kB |
89 |
|
90 |
|
91 |
|
92 |
# grep -i 'sec\|pax' /usr/src/linux/.config |
93 |
|
94 |
CONFIG_SECCOMP=y |
95 |
CONFIG_EXT2_FS_SECURITY=y |
96 |
CONFIG_EXT3_FS_SECURITY=y |
97 |
CONFIG_REISERFS_FS_SECURITY=y |
98 |
CONFIG_XFS_SECURITY=y |
99 |
# CONFIG_RPCSEC_GSS_KRB5 is not set |
100 |
# CONFIG_RPCSEC_GSS_SPKM3 is not set |
101 |
# Security options |
102 |
# PaX |
103 |
CONFIG_PAX=y |
104 |
# PaX Control |
105 |
# CONFIG_PAX_SOFTMODE is not set |
106 |
CONFIG_PAX_EI_PAX=y |
107 |
CONFIG_PAX_PT_PAX_FLAGS=y |
108 |
CONFIG_PAX_NO_ACL_FLAGS=y |
109 |
# CONFIG_PAX_HAVE_ACL_FLAGS is not set |
110 |
# CONFIG_PAX_HOOK_ACL_FLAGS is not set |
111 |
CONFIG_PAX_NOEXEC=y |
112 |
# CONFIG_PAX_PAGEEXEC is not set |
113 |
CONFIG_PAX_SEGMEXEC=y |
114 |
CONFIG_PAX_EMUTRAMP=y |
115 |
CONFIG_PAX_MPROTECT=y |
116 |
# CONFIG_PAX_NOELFRELOCS is not set |
117 |
# CONFIG_PAX_KERNEXEC is not set |
118 |
CONFIG_PAX_ASLR=y |
119 |
CONFIG_PAX_RANDKSTACK=y |
120 |
CONFIG_PAX_RANDUSTACK=y |
121 |
CONFIG_PAX_RANDMMAP=y |
122 |
CONFIG_PAX_NOVSYSCALL=y |
123 |
# CONFIG_PAX_MEMORY_SANITIZE is not set |
124 |
# CONFIG_PAX_MEMORY_UDEREF is not set |
125 |
# Grsecurity |
126 |
CONFIG_GRKERNSEC=y |
127 |
# CONFIG_GRKERNSEC_LOW is not set |
128 |
# CONFIG_GRKERNSEC_MEDIUM is not set |
129 |
# CONFIG_GRKERNSEC_HIGH is not set |
130 |
CONFIG_GRKERNSEC_CUSTOM=y |
131 |
CONFIG_GRKERNSEC_KMEM=y |
132 |
CONFIG_GRKERNSEC_IO=y |
133 |
CONFIG_GRKERNSEC_PROC_MEMMAP=y |
134 |
CONFIG_GRKERNSEC_BRUTE=y |
135 |
CONFIG_GRKERNSEC_MODSTOP=y |
136 |
CONFIG_GRKERNSEC_HIDESYM=y |
137 |
CONFIG_GRKERNSEC_ACL_HIDEKERN=y |
138 |
CONFIG_GRKERNSEC_ACL_MAXTRIES=3 |
139 |
CONFIG_GRKERNSEC_ACL_TIMEOUT=30 |
140 |
CONFIG_GRKERNSEC_PROC=y |
141 |
CONFIG_GRKERNSEC_PROC_USER=y |
142 |
CONFIG_GRKERNSEC_PROC_ADD=y |
143 |
CONFIG_GRKERNSEC_LINK=y |
144 |
CONFIG_GRKERNSEC_FIFO=y |
145 |
CONFIG_GRKERNSEC_CHROOT=y |
146 |
CONFIG_GRKERNSEC_CHROOT_MOUNT=y |
147 |
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y |
148 |
CONFIG_GRKERNSEC_CHROOT_PIVOT=y |
149 |
CONFIG_GRKERNSEC_CHROOT_CHDIR=y |
150 |
CONFIG_GRKERNSEC_CHROOT_CHMOD=y |
151 |
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y |
152 |
CONFIG_GRKERNSEC_CHROOT_MKNOD=y |
153 |
CONFIG_GRKERNSEC_CHROOT_SHMAT=y |
154 |
CONFIG_GRKERNSEC_CHROOT_UNIX=y |
155 |
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y |
156 |
CONFIG_GRKERNSEC_CHROOT_NICE=y |
157 |
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y |
158 |
CONFIG_GRKERNSEC_CHROOT_CAPS=y |
159 |
CONFIG_GRKERNSEC_AUDIT_GROUP=y |
160 |
CONFIG_GRKERNSEC_AUDIT_GID=10005 |
161 |
CONFIG_GRKERNSEC_EXECLOG=y |
162 |
CONFIG_GRKERNSEC_RESLOG=y |
163 |
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y |
164 |
CONFIG_GRKERNSEC_AUDIT_CHDIR=y |
165 |
CONFIG_GRKERNSEC_AUDIT_MOUNT=y |
166 |
CONFIG_GRKERNSEC_AUDIT_IPC=y |
167 |
CONFIG_GRKERNSEC_SIGNAL=y |
168 |
CONFIG_GRKERNSEC_FORKFAIL=y |
169 |
CONFIG_GRKERNSEC_TIME=y |
170 |
CONFIG_GRKERNSEC_PROC_IPADDR=y |
171 |
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set |
172 |
CONFIG_GRKERNSEC_EXECVE=y |
173 |
CONFIG_GRKERNSEC_SHM=y |
174 |
CONFIG_GRKERNSEC_DMESG=y |
175 |
CONFIG_GRKERNSEC_RANDPID=y |
176 |
CONFIG_GRKERNSEC_TPE=y |
177 |
CONFIG_GRKERNSEC_TPE_ALL=y |
178 |
# CONFIG_GRKERNSEC_TPE_INVERT is not set |
179 |
CONFIG_GRKERNSEC_TPE_GID=10006 |
180 |
CONFIG_GRKERNSEC_RANDNET=y |
181 |
CONFIG_GRKERNSEC_SOCKET=y |
182 |
CONFIG_GRKERNSEC_SOCKET_ALL=y |
183 |
CONFIG_GRKERNSEC_SOCKET_ALL_GID=10004 |
184 |
CONFIG_GRKERNSEC_SOCKET_CLIENT=y |
185 |
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=10003 |
186 |
CONFIG_GRKERNSEC_SOCKET_SERVER=y |
187 |
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=10002 |
188 |
CONFIG_GRKERNSEC_SYSCTL=y |
189 |
# CONFIG_GRKERNSEC_SYSCTL_ON is not set |
190 |
CONFIG_GRKERNSEC_FLOODTIME=5 |
191 |
CONFIG_GRKERNSEC_FLOODBURST=5 |
192 |
CONFIG_SECURITY=y |
193 |
# CONFIG_SECURITY_NETWORK is not set |
194 |
CONFIG_SECURITY_CAPABILITIES=y |
195 |
# CONFIG_SECURITY_ROOTPLUG is not set |
196 |
# CONFIG_SECURITY_SECLVL is not set |
197 |
-- |
198 |
gentoo-hardened@g.o mailing list |