Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.3.3/, 3.2.16/
Date: Mon, 30 Apr 2012 11:32:34
Message-Id: 1335785245.a8c2ec02358ccda733de078af3d945de2753d246.blueness@gentoo
1 commit: a8c2ec02358ccda733de078af3d945de2753d246
2 Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
3 AuthorDate: Fri Apr 27 03:52:48 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Mon Apr 30 11:27:25 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=a8c2ec02
7
8 4455_grsec-kconfig-gentoo.patch: fixed CONFIG_PAX_MEMORY_STACKLEAK
9
10 On xenserver guests and other systems, relaxing the constraints on
11 PAX_RANDKSTACK, PAX_KERNEXEC and PAX_MEMORY_UDEREF means that the user
12 can turn these on, which will cause breakage. Restoring the constraints
13 prevents this.
14
15 Signed-off-by: Matthew Thode <prometheanfire <AT> gentoo.org>
16 Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>
17
18 ---
19 2.6.32/4455_grsec-kconfig-gentoo.patch | 20 ++++++++++----------
20 3.2.16/4455_grsec-kconfig-gentoo.patch | 20 ++++++++++----------
21 3.3.3/4455_grsec-kconfig-gentoo.patch | 6 +++---
22 3 files changed, 23 insertions(+), 23 deletions(-)
23
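diff --git a/2.6.32/4455_grsec-kconfig-gentoo.patch b/2.6.32/4455_grsec-kconfig-gentoo.patch
index e578aa6..e18ba0b 100644
--- a/2.6.32/4455_grsec-kconfig-gentoo.patch
+++ b/2.6.32/4455_grsec-kconfig-gentoo.patch
@@ -77,7 +77,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select GRKERNSEC_SYSCTL_ON
 + select PAX
 + select PAX_ASLR
-+ select PAX_RANDKSTACK
++ select PAX_RANDKSTACK if (X86_TSC && X86)
 + select PAX_RANDUSTACK
 + select PAX_RANDMMAP
 + select PAX_NOEXEC
@@ -85,8 +85,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_EI_PAX
 + select PAX_PT_PAX_FLAGS
 + select PAX_HAVE_ACL_FLAGS
-+ select PAX_KERNEXEC
-+ select PAX_MEMORY_UDEREF
++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
 + select PAX_SEGMEXEC if (X86_32)
 + select PAX_PAGEEXEC
 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
@@ -95,7 +95,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_REFCOUNT if (X86 || SPARC64)
 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
 + select PAX_MEMORY_SANITIZE
-+ select PAX_MEMORY_STACKLEAK
++ select PAX_MEMORY_STACKLEAK if (!XEN)
 + help
 + If you say Y here, a configuration for grsecurity/PaX features
 + will be used that is endorsed by the Hardened Gentoo project.
@@ -162,7 +162,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select GRKERNSEC_SYSCTL_ON
 + select PAX
 + select PAX_ASLR
-+ select PAX_RANDKSTACK
++ select PAX_RANDKSTACK if (X86_TSC && X86)
 + select PAX_RANDUSTACK
 + select PAX_RANDMMAP
 + select PAX_NOEXEC
@@ -170,8 +170,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_EI_PAX
 + select PAX_PT_PAX_FLAGS
 + select PAX_HAVE_ACL_FLAGS
-+ select PAX_KERNEXEC
-+ select PAX_MEMORY_UDEREF
++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
 + select PAX_SEGMEXEC if (X86_32)
 + select PAX_PAGEEXEC
 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
@@ -180,7 +180,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_REFCOUNT if (X86 || SPARC64)
 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
 + select PAX_MEMORY_SANITIZE
-+ select PAX_MEMORY_STACKLEAK
++ select PAX_MEMORY_STACKLEAK if (!XEN)
 + help
 + If you say Y here, a configuration for grsecurity/PaX features
 + will be used that is endorsed by the Hardened Gentoo project.
@@ -247,7 +247,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select GRKERNSEC_SYSCTL_ON
 + select PAX
 + select PAX_ASLR
-+ select PAX_RANDKSTACK
++ select PAX_RANDKSTACK if (X86_TSC && X86)
 + select PAX_RANDUSTACK
 + select PAX_RANDMMAP
 + select PAX_NOEXEC
@@ -263,7 +263,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_REFCOUNT if (X86 || SPARC64)
 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
 + select PAX_MEMORY_SANITIZE
-+ select PAX_MEMORY_STACKLEAK
++ select PAX_MEMORY_STACKLEAK if (!XEN)
 + help
 + If you say Y here, a configuration for grsecurity/PaX features
 + will be used that is endorsed by the Hardened Gentoo project.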
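Review bot: The new `select PAX_MEMORY_STACKLEAK if (!XEN)` lines (hunks at -95, -180 and -263) guard only against Xen, while the other selects made conditional in this commit also carry an architecture test. Kconfig `select` forces a symbol on without honouring that symbol's own `depends on`, and the neighbouring lines show these presets are meant to be usable on ALPHA, PARISC, SPARC, PPC and ARM as well. If PAX_MEMORY_STACKLEAK is x86-only in this grsecurity release, which the hunks do not show, the guard should read `select PAX_MEMORY_STACKLEAK if (X86 && !XEN)`. The same line recurs in the 3.2.16 and 3.3.3 sections.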
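diff --git a/3.2.16/4455_grsec-kconfig-gentoo.patch b/3.2.16/4455_grsec-kconfig-gentoo.patch
index 2527bad..87b5454 100644
--- a/3.2.16/4455_grsec-kconfig-gentoo.patch
+++ b/3.2.16/4455_grsec-kconfig-gentoo.patch
@@ -77,7 +77,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select GRKERNSEC_SYSCTL_ON
 + select PAX
 + select PAX_ASLR
-+ select PAX_RANDKSTACK
++ select PAX_RANDKSTACK if (X86_TSC && X86)
 + select PAX_RANDUSTACK
 + select PAX_RANDMMAP
 + select PAX_NOEXEC
@@ -85,8 +85,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_EI_PAX
 + select PAX_PT_PAX_FLAGS
 + select PAX_HAVE_ACL_FLAGS
-+ select PAX_KERNEXEC
-+ select PAX_MEMORY_UDEREF
++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
 + select PAX_SEGMEXEC if (X86_32)
 + select PAX_PAGEEXEC
 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
@@ -95,7 +95,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_REFCOUNT if (X86 || SPARC64)
 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
 + select PAX_MEMORY_SANITIZE
-+ select PAX_MEMORY_STACKLEAK
++ select PAX_MEMORY_STACKLEAK if (!XEN)
 + help
 + If you say Y here, a configuration for grsecurity/PaX features
 + will be used that is endorsed by the Hardened Gentoo project.
@@ -162,7 +162,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select GRKERNSEC_SYSCTL_ON
 + select PAX
 + select PAX_ASLR
-+ select PAX_RANDKSTACK
++ select PAX_RANDKSTACK if (X86_TSC && X86)
 + select PAX_RANDUSTACK
 + select PAX_RANDMMAP
 + select PAX_NOEXEC
@@ -170,8 +170,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_EI_PAX
 + select PAX_PT_PAX_FLAGS
 + select PAX_HAVE_ACL_FLAGS
-+ select PAX_KERNEXEC
-+ select PAX_MEMORY_UDEREF
++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
 + select PAX_SEGMEXEC if (X86_32)
 + select PAX_PAGEEXEC
 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
@@ -180,7 +180,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_REFCOUNT if (X86 || SPARC64)
 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
 + select PAX_MEMORY_SANITIZE
-+ select PAX_MEMORY_STACKLEAK
++ select PAX_MEMORY_STACKLEAK if (!XEN)
 + help
 + If you say Y here, a configuration for grsecurity/PaX features
 + will be used that is endorsed by the Hardened Gentoo project.
@@ -247,7 +247,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select GRKERNSEC_SYSCTL_ON
 + select PAX
 + select PAX_ASLR
-+ select PAX_RANDKSTACK
++ select PAX_RANDKSTACK if (X86_TSC && X86)
 + select PAX_RANDUSTACK
 + select PAX_RANDMMAP
 + select PAX_NOEXEC
@@ -263,7 +263,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_REFCOUNT if (X86 || SPARC64)
 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
 + select PAX_MEMORY_SANITIZE
-+ select PAX_MEMORY_STACKLEAK
++ select PAX_MEMORY_STACKLEAK if (!XEN)
 + help
 + If you say Y here, a configuration for grsecurity/PaX features
 + will be used that is endorsed by the Hardened Gentoo project.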
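Review bot: The help text kept as context in the -95, -180 and -263 hunks still promises only "a configuration for grsecurity/PaX features ... endorsed by the Hardened Gentoo project", which is missing documentation now that KERNEXEC, UDEREF and STACKLEAK depend on `!XEN`. Someone choosing one of these presets on a Xen guest gets a kernel without those protections and nothing in menuconfig says so. I would add a sentence to each help block along the lines of `PAX_KERNEXEC, PAX_MEMORY_UDEREF and PAX_MEMORY_STACKLEAK are not selected when XEN is enabled.`, listing only the symbols that block actually conditions. The help blocks run past the end of each hunk, so the wording may need fitting to what follows; the 2.6.32 and 3.3.3 files have the same gap.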
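diff --git a/3.3.3/4455_grsec-kconfig-gentoo.patch b/3.3.3/4455_grsec-kconfig-gentoo.patch
index ef59341..1ce4ccf 100644
--- a/3.3.3/4455_grsec-kconfig-gentoo.patch
+++ b/3.3.3/4455_grsec-kconfig-gentoo.patch
@@ -95,7 +95,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_REFCOUNT if (X86 || SPARC64)
 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
 + select PAX_MEMORY_SANITIZE
-+ select PAX_MEMORY_STACKLEAK
++ select PAX_MEMORY_STACKLEAK if (!XEN)
 + help
 + If you say Y here, a configuration for grsecurity/PaX features
 + will be used that is endorsed by the Hardened Gentoo project.
@@ -180,7 +180,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_REFCOUNT if (X86 || SPARC64)
 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
 + select PAX_MEMORY_SANITIZE
-+ select PAX_MEMORY_STACKLEAK
++ select PAX_MEMORY_STACKLEAK if (!XEN)
 + help
 + If you say Y here, a configuration for grsecurity/PaX features
 + will be used that is endorsed by the Hardened Gentoo project.
@@ -263,7 +263,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 + select PAX_REFCOUNT if (X86 || SPARC64)
 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
 + select PAX_MEMORY_SANITIZE
-+ select PAX_MEMORY_STACKLEAK
++ select PAX_MEMORY_STACKLEAK if (!XEN)
 + help
 + If you say Y here, a configuration for grsecurity/PaX features
 + will be used that is endorsed by the Hardened Gentoo project.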
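Review bot: Only the PAX_MEMORY_STACKLEAK select is conditioned in this file, whereas the 2.6.32 and 3.2.16 files also restore conditions on PAX_RANDKSTACK, PAX_KERNEXEC and PAX_MEMORY_UDEREF, which are the three symbols the commit message names. All three 3.3.3 hunks begin at the PAX_REFCOUNT line, so the earlier selects in each preset block are not visible here; presumably they already carry their conditions, but that should be confirmed against the full file. If any of them is still a bare `select PAX_KERNEXEC` or `select PAX_MEMORY_UDEREF`, the Xen breakage described in the commit message remains possible on 3.3.3.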