[rsbac] Re: Bugfixing the kernel uselib vulnerability
Amon Ott
ao at rsbac.org
Wed Jan 19 11:28:52 CET 2005
On Mittwoch 19 Januar 2005 10:45, Murf wrote:
> Thomas Mueller wrote:
> > All 50 patches in as2 applied cleanly (with some offsets) to
> >
http://rsbac.org/download/kernels/v1.2.3/linux-2.6.10-rsbac-v1.2.3-bf11.tar.bz2.
> > The kernel works fine for 12 hours now.
>
> Yes, you are right, but it is without pax.
>
> I see problem in patching with -as on top of rsbac+pax (2.6.10
kernel).
> For example mmap.c is changes by pax and also by -as patches. The
> changes are not trivial for example at correction rlimit memlock
bug.
> I'm a bit scare manually correct it, because man would have know
what
> is going on in mmap.c. Grsec security patches applyes on top of
> rsbac+pax ok, because it counts with pax. But rlimit memlock bug
> is solved different way if i look to the diffs. But this patch has
> not solved all issues that is in -as patchset.
I have started patching 2.6.10-rsbac-pax. The as2 patches 001-031 are
already in the subversion tree.
> There are 4-5 -as patches that have rejects on source rsbac+pax.
> Anybody tried to solve theese rejects?
I am working on it, and Albeiro will help me.
> In my oppinion, PAX is important component
> helping to be more "secure" ;-).
Very important for me, too.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list