
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:prometheanfire commit in: 2.6.32/, 3.2.16/
Date: Mon, 30 Apr 2012 11:26:18
Message-Id: 1335785121.79d0eae0e9c3957e56af094c45383af07967f635.blueness@gentoo
1 commit: 79d0eae0e9c3957e56af094c45383af07967f635
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Mon Apr 30 11:25:21 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Mon Apr 30 11:25:21 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=79d0eae0
7
8 4455_grsec-kconfig-gentoo.patch: fixed CONFIG_PAX_MEMORY_STACKLEAK issue in xenserver guests
9
10 ---
11 2.6.32/4455_grsec-kconfig-gentoo.patch | 20 ++++++++++----------
12 3.2.16/4455_grsec-kconfig-gentoo.patch | 20 ++++++++++----------
13 2 files changed, 20 insertions(+), 20 deletions(-)
14
15 diff --git a/2.6.32/4455_grsec-kconfig-gentoo.patch b/2.6.32/4455_grsec-kconfig-gentoo.patch
16 index e578aa6..e18ba0b 100644
17 --- a/2.6.32/4455_grsec-kconfig-gentoo.patch
18 +++ b/2.6.32/4455_grsec-kconfig-gentoo.patch
19 @@ -77,7 +77,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
20 + select GRKERNSEC_SYSCTL_ON
21 + select PAX
22 + select PAX_ASLR
23 -+ select PAX_RANDKSTACK
24 ++ select PAX_RANDKSTACK if (X86_TSC && X86)
25 + select PAX_RANDUSTACK
26 + select PAX_RANDMMAP
27 + select PAX_NOEXEC
28 @@ -85,8 +85,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
29 + select PAX_EI_PAX
30 + select PAX_PT_PAX_FLAGS
31 + select PAX_HAVE_ACL_FLAGS
32 -+ select PAX_KERNEXEC
33 -+ select PAX_MEMORY_UDEREF
34 ++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
35 ++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
36 + select PAX_SEGMEXEC if (X86_32)
37 + select PAX_PAGEEXEC
38 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
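Review bot: Nothing next to the two new `select` lines for PAX_KERNEXEC and PAX_MEMORY_UDEREF records that a kernel built with XEN set now gets the preset without either feature. XEN is a build-time symbol, so the exclusion holds for every boot of that image, not only when it actually runs as a guest. A comment above the pair would make the trade-off visible to whoever picks the preset, for example `# KERNEXEC and UDEREF are not selected when XEN is set; such builds get the preset without them`. The same pair appears in the @@ -170,8 hunk here and in the @@ -85,8 and @@ -170,8 hunks of 3.2.16/4455_grsec-kconfig-gentoo.patch. The enclosing config entry starts and ends outside the hunk.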
39 @@ -95,7 +95,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
40 + select PAX_REFCOUNT if (X86 || SPARC64)
41 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
42 + select PAX_MEMORY_SANITIZE
43 -+ select PAX_MEMORY_STACKLEAK
44 ++ select PAX_MEMORY_STACKLEAK if (!XEN)
45 + help
46 + If you say Y here, a configuration for grsecurity/PaX features
47 + will be used that is endorsed by the Hardened Gentoo project.
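Review bot: The new `select PAX_MEMORY_STACKLEAK if (!XEN)` carries no architecture condition, unlike `select PAX_REFCOUNT if (X86 || SPARC64)` three lines above it and the `X86 && !XEN` guard given to PAX_MEMORY_UDEREF in the preceding hunk. Because `select` turns a symbol on without evaluating its own `depends on`, the preset still forces STACKLEAK on every non-Xen architecture; if the option is limited to X86 (its definition is not visible here), the line should read `select PAX_MEMORY_STACKLEAK if (X86 && !XEN)`. The help text that begins at the end of this hunk also still describes the preset without saying that Xen-enabled builds omit this feature, and its remainder lies outside the hunk. The same line recurs in the @@ -180,7 and @@ -263,7 hunks and in all three matching hunks of the 3.2.16 copy.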
48 @@ -162,7 +162,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
49 + select GRKERNSEC_SYSCTL_ON
50 + select PAX
51 + select PAX_ASLR
52 -+ select PAX_RANDKSTACK
53 ++ select PAX_RANDKSTACK if (X86_TSC && X86)
54 + select PAX_RANDUSTACK
55 + select PAX_RANDMMAP
56 + select PAX_NOEXEC
57 @@ -170,8 +170,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
58 + select PAX_EI_PAX
59 + select PAX_PT_PAX_FLAGS
60 + select PAX_HAVE_ACL_FLAGS
61 -+ select PAX_KERNEXEC
62 -+ select PAX_MEMORY_UDEREF
63 ++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
64 ++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
65 + select PAX_SEGMEXEC if (X86_32)
66 + select PAX_PAGEEXEC
67 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
68 @@ -180,7 +180,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
69 + select PAX_REFCOUNT if (X86 || SPARC64)
70 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
71 + select PAX_MEMORY_SANITIZE
72 -+ select PAX_MEMORY_STACKLEAK
73 ++ select PAX_MEMORY_STACKLEAK if (!XEN)
74 + help
75 + If you say Y here, a configuration for grsecurity/PaX features
76 + will be used that is endorsed by the Hardened Gentoo project.
77 @@ -247,7 +247,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
78 + select GRKERNSEC_SYSCTL_ON
79 + select PAX
80 + select PAX_ASLR
81 -+ select PAX_RANDKSTACK
82 ++ select PAX_RANDKSTACK if (X86_TSC && X86)
83 + select PAX_RANDUSTACK
84 + select PAX_RANDMMAP
85 + select PAX_NOEXEC
86 @@ -263,7 +263,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
87 + select PAX_REFCOUNT if (X86 || SPARC64)
88 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
89 + select PAX_MEMORY_SANITIZE
90 -+ select PAX_MEMORY_STACKLEAK
91 ++ select PAX_MEMORY_STACKLEAK if (!XEN)
92 + help
93 + If you say Y here, a configuration for grsecurity/PaX features
94 + will be used that is endorsed by the Hardened Gentoo project.
95
96 diff --git a/3.2.16/4455_grsec-kconfig-gentoo.patch b/3.2.16/4455_grsec-kconfig-gentoo.patch
97 index 2527bad..87b5454 100644
98 --- a/3.2.16/4455_grsec-kconfig-gentoo.patch
99 +++ b/3.2.16/4455_grsec-kconfig-gentoo.patch
100 @@ -77,7 +77,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
101 + select GRKERNSEC_SYSCTL_ON
102 + select PAX
103 + select PAX_ASLR
104 -+ select PAX_RANDKSTACK
105 ++ select PAX_RANDKSTACK if (X86_TSC && X86)
106 + select PAX_RANDUSTACK
107 + select PAX_RANDMMAP
108 + select PAX_NOEXEC
109 @@ -85,8 +85,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
110 + select PAX_EI_PAX
111 + select PAX_PT_PAX_FLAGS
112 + select PAX_HAVE_ACL_FLAGS
113 -+ select PAX_KERNEXEC
114 -+ select PAX_MEMORY_UDEREF
115 ++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
116 ++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
117 + select PAX_SEGMEXEC if (X86_32)
118 + select PAX_PAGEEXEC
119 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
120 @@ -95,7 +95,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
121 + select PAX_REFCOUNT if (X86 || SPARC64)
122 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
123 + select PAX_MEMORY_SANITIZE
124 -+ select PAX_MEMORY_STACKLEAK
125 ++ select PAX_MEMORY_STACKLEAK if (!XEN)
126 + help
127 + If you say Y here, a configuration for grsecurity/PaX features
128 + will be used that is endorsed by the Hardened Gentoo project.
129 @@ -162,7 +162,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
130 + select GRKERNSEC_SYSCTL_ON
131 + select PAX
132 + select PAX_ASLR
133 -+ select PAX_RANDKSTACK
134 ++ select PAX_RANDKSTACK if (X86_TSC && X86)
135 + select PAX_RANDUSTACK
136 + select PAX_RANDMMAP
137 + select PAX_NOEXEC
138 @@ -170,8 +170,8 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
139 + select PAX_EI_PAX
140 + select PAX_PT_PAX_FLAGS
141 + select PAX_HAVE_ACL_FLAGS
142 -+ select PAX_KERNEXEC
143 -+ select PAX_MEMORY_UDEREF
144 ++ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
145 ++ select PAX_MEMORY_UDEREF if (X86 && !XEN)
146 + select PAX_SEGMEXEC if (X86_32)
147 + select PAX_PAGEEXEC
148 + select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
149 @@ -180,7 +180,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
150 + select PAX_REFCOUNT if (X86 || SPARC64)
151 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
152 + select PAX_MEMORY_SANITIZE
153 -+ select PAX_MEMORY_STACKLEAK
154 ++ select PAX_MEMORY_STACKLEAK if (!XEN)
155 + help
156 + If you say Y here, a configuration for grsecurity/PaX features
157 + will be used that is endorsed by the Hardened Gentoo project.
158 @@ -247,7 +247,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
159 + select GRKERNSEC_SYSCTL_ON
160 + select PAX
161 + select PAX_ASLR
162 -+ select PAX_RANDKSTACK
163 ++ select PAX_RANDKSTACK if (X86_TSC && X86)
164 + select PAX_RANDUSTACK
165 + select PAX_RANDMMAP
166 + select PAX_NOEXEC
167 @@ -263,7 +263,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
168 + select PAX_REFCOUNT if (X86 || SPARC64)
169 + select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
170 + select PAX_MEMORY_SANITIZE
171 -+ select PAX_MEMORY_STACKLEAK
172 ++ select PAX_MEMORY_STACKLEAK if (!XEN)
173 + help
174 + If you say Y here, a configuration for grsecurity/PaX features
175 + will be used that is endorsed by the Hardened Gentoo project.