[rsbac] Re: Bugfixing the kernel uselib vulnerability

Amon Ott ao at rsbac.org
Wed Jan 19 11:28:52 CET 2005

On Mittwoch 19 Januar 2005 10:45, Murf wrote:
> Thomas Mueller wrote:
> > All 50 patches in as2 applied cleanly (with some offsets) to 
> > 
> > The kernel works fine for 12 hours now.
> Yes, you are right, but it is without pax.
> I see problem in patching with -as on top of rsbac+pax (2.6.10 
> For example mmap.c is changes by pax and also by -as patches. The 
> changes are not trivial for example at correction rlimit memlock 
> I'm a bit scare manually correct it, because man would have know 
> is going on in mmap.c. Grsec security patches applyes on top of 
> rsbac+pax ok, because it counts with pax. But rlimit memlock bug
> is solved different way if i look to the diffs. But this patch has
> not solved all issues that is in -as patchset.

I have started patching 2.6.10-rsbac-pax. The as2 patches 001-031 are 
already in the subversion tree.
> There are 4-5 -as patches that have rejects on source rsbac+pax.
> Anybody tried to solve theese rejects?

I am working on it, and Albeiro will help me.
> In my oppinion, PAX is important component
> helping to be more "secure" ;-).

Very important for me, too.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list