Re: [gentoo-hardened] Testing needed - gentoo-hardened

From:	dev-random@××××.ru
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] Testing needed
Date:	Thu, 09 Dec 2010 07:02:55
Message-Id:	`20101209065715.GA3218@localhost`
In Reply to:	[gentoo-hardened] Testing needed by "Anthony G. Basile"

1

o_O I don't see grsecurity there! Am I blind?

2

3

 .config - Linux Kernel v2.6.36-hardened-r5 Configuration                       

4

 ────────────────────────────────────────────────────────────────────────────── 

5

  ┌─────────────────────────── Security options ────────────────────────────┐   

6

  │  Arrow keys navigate the menu.  <Enter> selects submenus --->.          │   

7

  │  Highlighted letters are hotkeys.  Pressing <Y> includes, <N> excludes, │   

8

  │  <M> modularizes features.  Press <Esc><Esc> to exit, <?> for Help, </> │   

9

  │  for Search.  Legend: [*] built-in  [ ] excluded  <M> module  < >       │   

10

  │ ┌─────────────────────────────────────────────────────────────────────┐ │   

11

  │ │    -*- Enable access key retention support                          │ │   

12

  │ │    [*]   Enable the /proc/keys file by which keys may be viewed     │ │   

13

  │ │    [*] Enable different security models                             │ │   

14

  │ │    [ ] Enable the securityfs filesystem                             │ │   

15

  │ │    [*] Socket and Networking Security Hooks                         │ │   

16

  │ │    [ ]   XFRM (IPSec) Networking Security Hooks                     │ │   

17

  │ │    [ ] Security hooks for pathname based access control             │ │   

18

  │ │    [ ] Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)  │ │   

19

  │ │    [ ] NSA SELinux Support                                          │ │   

20

  │ │    [ ] Simplified Mandatory Access Control Kernel Support           │ │   

21

  │ │    [ ] TOMOYO Linux Support                                         │ │   

22

  │ │    [ ] AppArmor support (NEW)                                       │ │   

23

  │ │    [ ] Integrity Measurement Architecture(IMA)                      │ │   

24

  │ │        Default security module (Unix Discretionary Access Controls) │ │   

25

  │ │                                                                     │ │   

26

  │ │                                                                     │ │   

27

  │ │                                                                     │ │   

28

  │ └─────────────────────────────────────────────────────────────────────┘ │   

29

  ├─────────────────────────────────────────────────────────────────────────┤   

30

  │                    <Select>    < Exit >    < Help >                     │   

31

  └─────────────────────────────────────────────────────────────────────────┘   

32

33

34

On Wed, Dec 08, 2010 at 11:37:28PM -0500, Anthony G. Basile wrote:

35

> Hi everyone,

36

>

37

> I need to fast track stabilize hardened-sources-2.6.32-r30 and

38

> hardened-sources-2.6.36-r5 because of a local root exploit on all

39

> earlier kernels.  The ebuilds just hit the tree.

40

>

41

> Can I get feedback on how those kernels fair on x86 and amd64 arches?  I

42

> don't want to introduce new bugs that can be avoided.  I hope to mark

43

> them stable in about one week.

44

>

45

> Thanks.

46

>

47

> --

48

> Anthony G. Basile, Ph.D.

49

> Gentoo Developer

Gentoo Archives: gentoo-hardened

Replies

1	o_O I don't see grsecurity there! Am I blind?
2
3	.config - Linux Kernel v2.6.36-hardened-r5 Configuration
4	──────────────────────────────────────────────────────────────────────────────
5	┌─────────────────────────── Security options ────────────────────────────┐
6	│ Arrow keys navigate the menu. <Enter> selects submenus --->. │
7	│ Highlighted letters are hotkeys. Pressing <Y> includes, <N> excludes, │
8	│ <M> modularizes features. Press <Esc><Esc> to exit, <?> for Help, </> │
9	│ for Search. Legend: [*] built-in [ ] excluded <M> module < > │
10	│ ┌─────────────────────────────────────────────────────────────────────┐ │
11	│ │ -*- Enable access key retention support │ │
12	│ │ [*] Enable the /proc/keys file by which keys may be viewed │ │
13	│ │ [*] Enable different security models │ │
14	│ │ [ ] Enable the securityfs filesystem │ │
15	│ │ [*] Socket and Networking Security Hooks │ │
16	│ │ [ ] XFRM (IPSec) Networking Security Hooks │ │
17	│ │ [ ] Security hooks for pathname based access control │ │
18	│ │ [ ] Enable Intel(R) Trusted Execution Technology (Intel(R) TXT) │ │
19	│ │ [ ] NSA SELinux Support │ │
20	│ │ [ ] Simplified Mandatory Access Control Kernel Support │ │
21	│ │ [ ] TOMOYO Linux Support │ │
22	│ │ [ ] AppArmor support (NEW) │ │
23	│ │ [ ] Integrity Measurement Architecture(IMA) │ │
24	│ │ Default security module (Unix Discretionary Access Controls) │ │
25	│ │ │ │
26	│ │ │ │
27	│ │ │ │
28	│ └─────────────────────────────────────────────────────────────────────┘ │
29	├─────────────────────────────────────────────────────────────────────────┤
30	│ <Select> < Exit > < Help > │
31	└─────────────────────────────────────────────────────────────────────────┘
32
33
34	On Wed, Dec 08, 2010 at 11:37:28PM -0500, Anthony G. Basile wrote:
35	> Hi everyone,
36	>
37	> I need to fast track stabilize hardened-sources-2.6.32-r30 and
38	> hardened-sources-2.6.36-r5 because of a local root exploit on all
39	> earlier kernels. The ebuilds just hit the tree.
40	>
41	> Can I get feedback on how those kernels fair on x86 and amd64 arches? I
42	> don't want to introduce new bugs that can be avoided. I hope to mark
43	> them stable in about one week.
44	>
45	> Thanks.
46	>
47	> --
48	> Anthony G. Basile, Ph.D.
49	> Gentoo Developer

Subject	Author
Re: [gentoo-hardened] Testing needed	dev-random@××××.ru
Re: [gentoo-hardened] Testing needed	Tom Hendrikx <tom@×××××××××.net>