| 1 |
W dniu 27.08.2014 o 18:34, André Aparício pisze: |
| 2 |
> I encountered the same problem with qemu/kvm but can't even login, I |
| 3 |
> get random segfaults and even failed malloc assertions |
| 4 |
> in /sbin/init, /sbin/rc or /bin/login (never past this). |
| 5 |
> |
| 6 |
> But it works fine with CONFIG_PAX_MEMORY_UDEREF disabled. |
| 7 |
|
| 8 |
|
| 9 |
It looks that disabling CONFIG_PAX_MEMORY_UDEREF solves problem on my |
| 10 |
host too. |
| 11 |
|
| 12 |
|
| 13 |
> Config that reproduces the problem. |
| 14 |
> |
| 15 |
> $ grep -P "(GRK|PAX)" linux-3.15.8-hardened/.config |
| 16 |
> CONFIG_PAX_KERNEXEC_PLUGIN=y |
| 17 |
> CONFIG_PAX_PER_CPU_PGD=y |
| 18 |
> CONFIG_PAX_USERCOPY_SLABS=y |
| 19 |
> CONFIG_GRKERNSEC=y |
| 20 |
> CONFIG_GRKERNSEC_CONFIG_AUTO=y |
| 21 |
> # CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set |
| 22 |
> CONFIG_GRKERNSEC_CONFIG_SERVER=y |
| 23 |
> # CONFIG_GRKERNSEC_CONFIG_DESKTOP is not set |
| 24 |
> # CONFIG_GRKERNSEC_CONFIG_VIRT_NONE is not set |
| 25 |
> CONFIG_GRKERNSEC_CONFIG_VIRT_GUEST=y |
| 26 |
> # CONFIG_GRKERNSEC_CONFIG_VIRT_HOST is not set |
| 27 |
> CONFIG_GRKERNSEC_CONFIG_VIRT_EPT=y |
| 28 |
> # CONFIG_GRKERNSEC_CONFIG_VIRT_SOFT is not set |
| 29 |
> # CONFIG_GRKERNSEC_CONFIG_VIRT_XEN is not set |
| 30 |
> # CONFIG_GRKERNSEC_CONFIG_VIRT_VMWARE is not set |
| 31 |
> CONFIG_GRKERNSEC_CONFIG_VIRT_KVM=y |
| 32 |
> # CONFIG_GRKERNSEC_CONFIG_VIRT_VIRTUALBOX is not set |
| 33 |
> # CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF is not set |
| 34 |
> CONFIG_GRKERNSEC_CONFIG_PRIORITY_SECURITY=y |
| 35 |
> CONFIG_GRKERNSEC_PROC_GID=10 |
| 36 |
> CONFIG_GRKERNSEC_TPE_UNTRUSTED_GID=100 |
| 37 |
> CONFIG_GRKERNSEC_SYMLINKOWN_GID=100 |
| 38 |
> CONFIG_PAX=y |
| 39 |
> # CONFIG_PAX_SOFTMODE is not set |
| 40 |
> CONFIG_PAX_PT_PAX_FLAGS=y |
| 41 |
> CONFIG_PAX_XATTR_PAX_FLAGS=y |
| 42 |
> # CONFIG_PAX_NO_ACL_FLAGS is not set |
| 43 |
> CONFIG_PAX_HAVE_ACL_FLAGS=y |
| 44 |
> # CONFIG_PAX_HOOK_ACL_FLAGS is not set |
| 45 |
> CONFIG_PAX_NOEXEC=y |
| 46 |
> CONFIG_PAX_PAGEEXEC=y |
| 47 |
> CONFIG_PAX_EMUTRAMP=y |
| 48 |
> CONFIG_PAX_MPROTECT=y |
| 49 |
> # CONFIG_PAX_MPROTECT_COMPAT is not set |
| 50 |
> # CONFIG_PAX_ELFRELOCS is not set |
| 51 |
> CONFIG_PAX_KERNEXEC=y |
| 52 |
> CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y |
| 53 |
> CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="bts" |
| 54 |
> CONFIG_PAX_ASLR=y |
| 55 |
> # CONFIG_PAX_RANDKSTACK is not set |
| 56 |
> CONFIG_PAX_RANDUSTACK=y |
| 57 |
> CONFIG_PAX_RANDMMAP=y |
| 58 |
> CONFIG_PAX_MEMORY_SANITIZE=y |
| 59 |
> CONFIG_PAX_MEMORY_STACKLEAK=y |
| 60 |
> CONFIG_PAX_MEMORY_STRUCTLEAK=y |
| 61 |
> CONFIG_PAX_MEMORY_UDEREF=y |
| 62 |
> CONFIG_PAX_REFCOUNT=y |
| 63 |
> CONFIG_PAX_CONSTIFY_PLUGIN=y |
| 64 |
> CONFIG_PAX_USERCOPY=y |
| 65 |
> # CONFIG_PAX_USERCOPY_DEBUG is not set |
| 66 |
> CONFIG_PAX_SIZE_OVERFLOW=y |
| 67 |
> CONFIG_PAX_LATENT_ENTROPY=y |
| 68 |
> CONFIG_GRKERNSEC_KMEM=y |
| 69 |
> CONFIG_GRKERNSEC_IO=y |
| 70 |
> CONFIG_GRKERNSEC_PERF_HARDEN=y |
| 71 |
> CONFIG_GRKERNSEC_RAND_THREADSTACK=y |
| 72 |
> CONFIG_GRKERNSEC_PROC_MEMMAP=y |
| 73 |
> CONFIG_GRKERNSEC_KSTACKOVERFLOW=y |
| 74 |
> CONFIG_GRKERNSEC_BRUTE=y |
| 75 |
> CONFIG_GRKERNSEC_HIDESYM=y |
| 76 |
> CONFIG_GRKERNSEC_RANDSTRUCT=y |
| 77 |
> # CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE is not set |
| 78 |
> # CONFIG_GRKERNSEC_KERN_LOCKOUT is not set |
| 79 |
> CONFIG_GRKERNSEC_NO_RBAC=y |
| 80 |
> CONFIG_GRKERNSEC_ACL_HIDEKERN=y |
| 81 |
> CONFIG_GRKERNSEC_ACL_MAXTRIES=3 |
| 82 |
> CONFIG_GRKERNSEC_ACL_TIMEOUT=30 |
| 83 |
> CONFIG_GRKERNSEC_PROC=y |
| 84 |
> # CONFIG_GRKERNSEC_PROC_USER is not set |
| 85 |
> CONFIG_GRKERNSEC_PROC_USERGROUP=y |
| 86 |
> CONFIG_GRKERNSEC_PROC_ADD=y |
| 87 |
> CONFIG_GRKERNSEC_LINK=y |
| 88 |
> CONFIG_GRKERNSEC_SYMLINKOWN=y |
| 89 |
> CONFIG_GRKERNSEC_FIFO=y |
| 90 |
> CONFIG_GRKERNSEC_SYSFS_RESTRICT=y |
| 91 |
> # CONFIG_GRKERNSEC_ROFS is not set |
| 92 |
> CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y |
| 93 |
> CONFIG_GRKERNSEC_CHROOT=y |
| 94 |
> CONFIG_GRKERNSEC_CHROOT_MOUNT=y |
| 95 |
> CONFIG_GRKERNSEC_CHROOT_DOUBLE=y |
| 96 |
> CONFIG_GRKERNSEC_CHROOT_PIVOT=y |
| 97 |
> CONFIG_GRKERNSEC_CHROOT_CHDIR=y |
| 98 |
> CONFIG_GRKERNSEC_CHROOT_CHMOD=y |
| 99 |
> CONFIG_GRKERNSEC_CHROOT_FCHDIR=y |
| 100 |
> CONFIG_GRKERNSEC_CHROOT_MKNOD=y |
| 101 |
> CONFIG_GRKERNSEC_CHROOT_SHMAT=y |
| 102 |
> CONFIG_GRKERNSEC_CHROOT_UNIX=y |
| 103 |
> CONFIG_GRKERNSEC_CHROOT_FINDTASK=y |
| 104 |
> CONFIG_GRKERNSEC_CHROOT_NICE=y |
| 105 |
> CONFIG_GRKERNSEC_CHROOT_SYSCTL=y |
| 106 |
> CONFIG_GRKERNSEC_CHROOT_CAPS=y |
| 107 |
> # CONFIG_GRKERNSEC_AUDIT_GROUP is not set |
| 108 |
> CONFIG_GRKERNSEC_EXECLOG=y |
| 109 |
> CONFIG_GRKERNSEC_RESLOG=y |
| 110 |
> CONFIG_GRKERNSEC_CHROOT_EXECLOG=y |
| 111 |
> # CONFIG_GRKERNSEC_AUDIT_PTRACE is not set |
| 112 |
> # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set |
| 113 |
> # CONFIG_GRKERNSEC_AUDIT_MOUNT is not set |
| 114 |
> CONFIG_GRKERNSEC_SIGNAL=y |
| 115 |
> # CONFIG_GRKERNSEC_FORKFAIL is not set |
| 116 |
> CONFIG_GRKERNSEC_TIME=y |
| 117 |
> CONFIG_GRKERNSEC_PROC_IPADDR=y |
| 118 |
> CONFIG_GRKERNSEC_RWXMAP_LOG=y |
| 119 |
> CONFIG_GRKERNSEC_DMESG=y |
| 120 |
> CONFIG_GRKERNSEC_HARDEN_PTRACE=y |
| 121 |
> CONFIG_GRKERNSEC_PTRACE_READEXEC=y |
| 122 |
> CONFIG_GRKERNSEC_SETXID=y |
| 123 |
> CONFIG_GRKERNSEC_HARDEN_IPC=y |
| 124 |
> CONFIG_GRKERNSEC_TPE=y |
| 125 |
> # CONFIG_GRKERNSEC_TPE_ALL is not set |
| 126 |
> # CONFIG_GRKERNSEC_TPE_INVERT is not set |
| 127 |
> CONFIG_GRKERNSEC_TPE_GID=100 |
| 128 |
> CONFIG_GRKERNSEC_RANDNET=y |
| 129 |
> CONFIG_GRKERNSEC_BLACKHOLE=y |
| 130 |
> CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y |
| 131 |
> # CONFIG_GRKERNSEC_SOCKET is not set |
| 132 |
> # CONFIG_GRKERNSEC_SYSCTL is not set |
| 133 |
> CONFIG_GRKERNSEC_FLOODTIME=10 |
| 134 |
> CONFIG_GRKERNSEC_FLOODBURST=6 |
| 135 |
> |
| 136 |
> On Tue, 26 Aug 2014 11:24:26 +0100 |
| 137 |
> Marcin Mirosław <marcin@×××××.pl> wrote: |
| 138 |
> |
| 139 |
>> Hello! |
| 140 |
>> I suspect that I've got problem with hardened-sources in KVM VM. I'm |
| 141 |
>> not sure if I should fill a bug for this. I'd like to post it here |
| 142 |
>> before using b.g.o. |
| 143 |
>> I've got VM (it's KVM with qemu-2.0.0-r1), with |
| 144 |
>> hardened-sources-3.15.{5-r2,8}. I'm observing a kind of memory |
| 145 |
>> corruption. After a couple of hours of uptime I'm starting seeing |
| 146 |
>> random segfaults, general protection traps especially when process |
| 147 |
>> uses a lot of CPU and do many I/O operations (masscheck scripts |
| 148 |
>> written in perl for spamassasin rules). |
| 149 |
>> In log I've got e.g.: |
| 150 |
>> |
| 151 |
>> 2014-08-25T13:05:23.243062+02:00 mohikanin kernel: [45571.239703] PAX: |
| 152 |
>> >From 88.198.102.195: execution attempt in: (null), 00000000-00000000 |
| 153 |
>> 00000000 |
| 154 |
>> 2014-08-25T13:05:23.243088+02:00 mohikanin kernel: [45571.239707] PAX: |
| 155 |
>> terminating task: /usr/libexec/dovecot/pop3-login(pop3-login):2507, |
| 156 |
>> uid/euid: 105/105, PC: (nil), SP: 000003a8574e4c00 |
| 157 |
>> 2014-08-25T13:05:23.243093+02:00 mohikanin kernel: [45571.239709] PAX: |
| 158 |
>> bytes at |
| 159 |
>> PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? |
| 160 |
>> 2014-08-25T13:05:23.243095+02:00 mohikanin kernel: [45571.239735] |
| 161 |
>> PAX: bytes at SP-8: 0000000000000000 0000000000000000 |
| 162 |
>> 00000059c6deceb0 0000000000000000 00000316027bc540 0000000000000001 |
| 163 |
>> 000003160271dbb5 0000000000000000 0000000000000000 0000000000000000 |
| 164 |
>> 0000000000000000 2014-08-25T13:24:42.943001+02:00 mohikanin kernel: |
| 165 |
>> [46730.931353] traps: spamd child[19681] general protection |
| 166 |
>> ip:2c572b6e163 sp:3ca7d000be0 error:0 in |
| 167 |
>> libc-2.19.so[2c572aee000+19e000] 2014-08-25T13:24:42.943007+02:00 |
| 168 |
>> mohikanin kernel: [46730.931371] grsec: Segmentation fault occurred |
| 169 |
>> at (nil) in /usr/sbin/spamd[spamd child:19681] |
| 170 |
>> uid/euid:999/999 gid/egid:100/100, |
| 171 |
>> parent /usr/sbin/spamd[/usr/sbin/spamd:1255] uid/euid:0/0 |
| 172 |
>> gid/egid:0/0 2014-08-25T13:55:22.383032+02:00 mohikanin kernel: |
| 173 |
>> [48570.375917] traps: freshclam[6594] general protection |
| 174 |
>> ip:344cceb368d sp:3d5f5ced520 error:0 in |
| 175 |
>> libclamav.so.6.1.23[344ccdf1000+9d1000] |
| 176 |
>> 2014-08-25T13:55:22.383050+02:00 mohikanin kernel: [48570.375968] |
| 177 |
>> grsec: Segmentation fault occurred at (nil) |
| 178 |
>> in /usr/bin/freshclam[freshclam:6594] uid/euid:104/104 |
| 179 |
>> gid/egid:115/115, parent /usr/bin/freshclam[freshclam:1159] |
| 180 |
>> uid/euid:104/104 gid/egid:115/115 |
| 181 |
>> |
| 182 |
>> Yesterday I switched kernel to gentoo-sources-3.14.14 and I don't see |
| 183 |
>> any unwanted behavior. This is why I suspect hardened-sources. Should |
| 184 |
>> I fill a bug? What should I do help find out the root of problem? |
| 185 |
>> (gcc is: gcc version 4.7.3 (Gentoo Hardened 4.7.3-r1 p1.4, |
| 186 |
>> pie-0.5.5) , with ld.gold) |
| 187 |
>> |
| 188 |
>> Marcin |
| 189 |
>> |
| 190 |
>> # grep -P "(GRK|PAX)" /boot/config-3.15.8-hardened |
| 191 |
>> CONFIG_PAX_KERNEXEC_PLUGIN=y |
| 192 |
>> CONFIG_PAX_PER_CPU_PGD=y |
| 193 |
>> CONFIG_PAX_USERCOPY_SLABS=y |
| 194 |
>> CONFIG_GRKERNSEC=y |
| 195 |
>> CONFIG_GRKERNSEC_CONFIG_AUTO=y |
| 196 |
>> # CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set |
| 197 |
>> CONFIG_GRKERNSEC_CONFIG_SERVER=y |
| 198 |
>> # CONFIG_GRKERNSEC_CONFIG_DESKTOP is not set |
| 199 |
>> # CONFIG_GRKERNSEC_CONFIG_VIRT_NONE is not set |
| 200 |
>> CONFIG_GRKERNSEC_CONFIG_VIRT_GUEST=y |
| 201 |
>> # CONFIG_GRKERNSEC_CONFIG_VIRT_HOST is not set |
| 202 |
>> CONFIG_GRKERNSEC_CONFIG_VIRT_EPT=y |
| 203 |
>> # CONFIG_GRKERNSEC_CONFIG_VIRT_SOFT is not set |
| 204 |
>> # CONFIG_GRKERNSEC_CONFIG_VIRT_XEN is not set |
| 205 |
>> # CONFIG_GRKERNSEC_CONFIG_VIRT_VMWARE is not set |
| 206 |
>> CONFIG_GRKERNSEC_CONFIG_VIRT_KVM=y |
| 207 |
>> # CONFIG_GRKERNSEC_CONFIG_VIRT_VIRTUALBOX is not set |
| 208 |
>> CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF=y |
| 209 |
>> # CONFIG_GRKERNSEC_CONFIG_PRIORITY_SECURITY is not set |
| 210 |
>> CONFIG_GRKERNSEC_PROC_GID=55555 |
| 211 |
>> CONFIG_GRKERNSEC_TPE_TRUSTED_GID=55555 |
| 212 |
>> CONFIG_GRKERNSEC_SYMLINKOWN_GID=100 |
| 213 |
>> CONFIG_PAX=y |
| 214 |
>> # CONFIG_PAX_SOFTMODE is not set |
| 215 |
>> # CONFIG_PAX_PT_PAX_FLAGS is not set |
| 216 |
>> CONFIG_PAX_XATTR_PAX_FLAGS=y |
| 217 |
>> # CONFIG_PAX_NO_ACL_FLAGS is not set |
| 218 |
>> CONFIG_PAX_HAVE_ACL_FLAGS=y |
| 219 |
>> # CONFIG_PAX_HOOK_ACL_FLAGS is not set |
| 220 |
>> CONFIG_PAX_NOEXEC=y |
| 221 |
>> CONFIG_PAX_PAGEEXEC=y |
| 222 |
>> CONFIG_PAX_EMUTRAMP=y |
| 223 |
>> CONFIG_PAX_MPROTECT=y |
| 224 |
>> # CONFIG_PAX_MPROTECT_COMPAT is not set |
| 225 |
>> # CONFIG_PAX_ELFRELOCS is not set |
| 226 |
>> CONFIG_PAX_KERNEXEC=y |
| 227 |
>> CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y |
| 228 |
>> CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="bts" |
| 229 |
>> CONFIG_PAX_ASLR=y |
| 230 |
>> CONFIG_PAX_RANDKSTACK=y |
| 231 |
>> CONFIG_PAX_RANDUSTACK=y |
| 232 |
>> CONFIG_PAX_RANDMMAP=y |
| 233 |
>> # CONFIG_PAX_MEMORY_SANITIZE is not set |
| 234 |
>> CONFIG_PAX_MEMORY_STACKLEAK=y |
| 235 |
>> CONFIG_PAX_MEMORY_STRUCTLEAK=y |
| 236 |
>> CONFIG_PAX_MEMORY_UDEREF=y |
| 237 |
>> CONFIG_PAX_REFCOUNT=y |
| 238 |
>> CONFIG_PAX_CONSTIFY_PLUGIN=y |
| 239 |
>> CONFIG_PAX_USERCOPY=y |
| 240 |
>> # CONFIG_PAX_USERCOPY_DEBUG is not set |
| 241 |
>> CONFIG_PAX_SIZE_OVERFLOW=y |
| 242 |
>> CONFIG_PAX_LATENT_ENTROPY=y |
| 243 |
>> CONFIG_GRKERNSEC_KMEM=y |
| 244 |
>> CONFIG_GRKERNSEC_IO=y |
| 245 |
>> CONFIG_GRKERNSEC_JIT_HARDEN=y |
| 246 |
>> CONFIG_GRKERNSEC_PERF_HARDEN=y |
| 247 |
>> CONFIG_GRKERNSEC_RAND_THREADSTACK=y |
| 248 |
>> CONFIG_GRKERNSEC_PROC_MEMMAP=y |
| 249 |
>> CONFIG_GRKERNSEC_KSTACKOVERFLOW=y |
| 250 |
>> # CONFIG_GRKERNSEC_BRUTE is not set |
| 251 |
>> CONFIG_GRKERNSEC_MODHARDEN=y |
| 252 |
>> CONFIG_GRKERNSEC_HIDESYM=y |
| 253 |
>> CONFIG_GRKERNSEC_RANDSTRUCT=y |
| 254 |
>> CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE=y |
| 255 |
>> # CONFIG_GRKERNSEC_KERN_LOCKOUT is not set |
| 256 |
>> CONFIG_GRKERNSEC_NO_RBAC=y |
| 257 |
>> # CONFIG_GRKERNSEC_ACL_HIDEKERN is not set |
| 258 |
>> CONFIG_GRKERNSEC_ACL_MAXTRIES=3 |
| 259 |
>> CONFIG_GRKERNSEC_ACL_TIMEOUT=30 |
| 260 |
>> CONFIG_GRKERNSEC_PROC=y |
| 261 |
>> CONFIG_GRKERNSEC_PROC_USER=y |
| 262 |
>> CONFIG_GRKERNSEC_PROC_ADD=y |
| 263 |
>> CONFIG_GRKERNSEC_LINK=y |
| 264 |
>> CONFIG_GRKERNSEC_SYMLINKOWN=y |
| 265 |
>> CONFIG_GRKERNSEC_FIFO=y |
| 266 |
>> CONFIG_GRKERNSEC_SYSFS_RESTRICT=y |
| 267 |
>> # CONFIG_GRKERNSEC_ROFS is not set |
| 268 |
>> CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y |
| 269 |
>> CONFIG_GRKERNSEC_CHROOT=y |
| 270 |
>> CONFIG_GRKERNSEC_CHROOT_MOUNT=y |
| 271 |
>> CONFIG_GRKERNSEC_CHROOT_DOUBLE=y |
| 272 |
>> CONFIG_GRKERNSEC_CHROOT_PIVOT=y |
| 273 |
>> CONFIG_GRKERNSEC_CHROOT_CHDIR=y |
| 274 |
>> CONFIG_GRKERNSEC_CHROOT_CHMOD=y |
| 275 |
>> CONFIG_GRKERNSEC_CHROOT_FCHDIR=y |
| 276 |
>> CONFIG_GRKERNSEC_CHROOT_MKNOD=y |
| 277 |
>> CONFIG_GRKERNSEC_CHROOT_SHMAT=y |
| 278 |
>> CONFIG_GRKERNSEC_CHROOT_UNIX=y |
| 279 |
>> CONFIG_GRKERNSEC_CHROOT_FINDTASK=y |
| 280 |
>> CONFIG_GRKERNSEC_CHROOT_NICE=y |
| 281 |
>> CONFIG_GRKERNSEC_CHROOT_SYSCTL=y |
| 282 |
>> CONFIG_GRKERNSEC_CHROOT_CAPS=y |
| 283 |
>> CONFIG_GRKERNSEC_CHROOT_INITRD=y |
| 284 |
>> # CONFIG_GRKERNSEC_AUDIT_GROUP is not set |
| 285 |
>> # CONFIG_GRKERNSEC_EXECLOG is not set |
| 286 |
>> CONFIG_GRKERNSEC_RESLOG=y |
| 287 |
>> # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set |
| 288 |
>> # CONFIG_GRKERNSEC_AUDIT_PTRACE is not set |
| 289 |
>> # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set |
| 290 |
>> CONFIG_GRKERNSEC_AUDIT_MOUNT=y |
| 291 |
>> CONFIG_GRKERNSEC_SIGNAL=y |
| 292 |
>> CONFIG_GRKERNSEC_FORKFAIL=y |
| 293 |
>> CONFIG_GRKERNSEC_TIME=y |
| 294 |
>> CONFIG_GRKERNSEC_PROC_IPADDR=y |
| 295 |
>> CONFIG_GRKERNSEC_RWXMAP_LOG=y |
| 296 |
>> CONFIG_GRKERNSEC_DMESG=y |
| 297 |
>> CONFIG_GRKERNSEC_HARDEN_PTRACE=y |
| 298 |
>> CONFIG_GRKERNSEC_PTRACE_READEXEC=y |
| 299 |
>> CONFIG_GRKERNSEC_SETXID=y |
| 300 |
>> CONFIG_GRKERNSEC_HARDEN_IPC=y |
| 301 |
>> CONFIG_GRKERNSEC_TPE=y |
| 302 |
>> CONFIG_GRKERNSEC_TPE_ALL=y |
| 303 |
>> CONFIG_GRKERNSEC_TPE_INVERT=y |
| 304 |
>> CONFIG_GRKERNSEC_TPE_GID=55555 |
| 305 |
>> CONFIG_GRKERNSEC_RANDNET=y |
| 306 |
>> CONFIG_GRKERNSEC_BLACKHOLE=y |
| 307 |
>> CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y |
| 308 |
>> # CONFIG_GRKERNSEC_SOCKET is not set |
| 309 |
>> CONFIG_GRKERNSEC_SYSCTL=y |
| 310 |
>> # CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set |
| 311 |
>> CONFIG_GRKERNSEC_SYSCTL_ON=y |
| 312 |
>> CONFIG_GRKERNSEC_FLOODTIME=10 |
| 313 |
>> CONFIG_GRKERNSEC_FLOODBURST=6 |
| 314 |
>> |
| 315 |
> |
| 316 |
> |
| 317 |
> |
| 318 |
|
| 319 |
|
| 320 |
-- |
| 321 |
xmpp (jabber): marcin [at] mejor.pl |
| 322 |
www: http://blog.mejor.pl/ |
Archives