| 1 |
On 12/26/2010 03:46 AM, pageexec@××××××××.hu wrote: |
| 2 |
> On 26 Dec 2010 at 1:59, Michael Orlitzky wrote: |
| 3 |
> |
| 4 |
>> I've got (at least) two servers that lose their root partition after |
| 5 |
>> this upgrade. One of them has an HP cciss SCSI RAID controller; the |
| 6 |
>> other has a single IDE hard drive. Assuming the problem is something |
| 7 |
>> common, I'll stick to describing the one with the array for now. |
| 8 |
> |
| 9 |
> which grsec is this ebuild based on? my guess is that it's a recent PaX/UDEREF |
| 10 |
> hardening that's causing this and should be mostly fixed now except for the |
| 11 |
> IP checksum code fix which i'll release soon. in the meantime you can disable |
| 12 |
> UDEREF. if you don't have it enabled then i don't know what it is, we'll need |
| 13 |
> more debugging, let me know. |
| 14 |
|
| 15 |
The hardened-patches contains the following: |
| 16 |
|
| 17 |
4423_grsec-remove-protected-paths.patch |
| 18 |
4420_grsecurity-2.2.1-2.6.36.2-201012121726.patch |
| 19 |
4435_grsec-kconfig-gentoo.patch |
| 20 |
4421_grsec-remove-localversion-grsec.patch |
| 21 |
4425_grsec-pax-without-grsec.patch |
| 22 |
4430_grsec-kconfig-default-gids.patch |
| 23 |
4422_grsec-mute-warnings.patch |
| 24 |
|
| 25 |
I do have UDEREF enabled: |
| 26 |
|
| 27 |
# grep UDEREF .config |
| 28 |
CONFIG_PAX_MEMORY_UDEREF=y |
| 29 |
|
| 30 |
I can try disabling it when I'd be willing to drive to work and reboot |
| 31 |
the thing. |
Archives