Re: kernel-source 2.4.20 + grsecurity + freeswan
On Thu, Jun 05, 2003 at 10:32:59PM +0200, Vinai Kopp wrote: currently I'm setting up a gateway machine for a small office network. After the recent threads about rooted woody boxes I feel it would be iresponsible to set up a box without a grsecurity patched kernel. The problem is I also need the box to be a VPN gateway. One of the reasons I got the deal was because I said IPSEC would be a good solution, so I don't want to back out and use another VPN option like openvpn. There seem to be problems using both the grsecurity and the freeswan patches (at least I haven't been successfull applying the patches - I tried the debian versions and the official ones from the different project sites of the patches and the kernel sources). Does anybody have debian/stable boxes running kernels with grsecurity and freeswan? Any hints/experiences to share? Thanks for all the ideas! Now that there is an updated 2.4.18 kernel source in woody I can apply the woody freeswan and grsecurity patches. The grsecurity patch had one reject (I guess because of the PTRACE bugfix) but that was easy to add by hand. Now it's up and running smooth. Hm, should I file a bug against the grsecurity patch, because of the reject with the updated kernel-source from security.debian.org? There is an older (closed) bug (#194523) along the same lines for a kernel-source package from stable-proposed-updates, but nothing for the more recent security.debian.org kernel-source. Greetings, Vinai -- Secure eMail with gnupg: See http://www.gnupg.org/ Please avoid sending me Word, Excel or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html pgp0.pgp Description: PGP signature
Re: kernel-source 2.4.20 + grsecurity + freeswan
On Thu, Jun 05, 2003 at 10:32:59PM +0200, Vinai Kopp wrote: currently I'm setting up a gateway machine for a small office network. After the recent threads about rooted woody boxes I feel it would be iresponsible to set up a box without a grsecurity patched kernel. The problem is I also need the box to be a VPN gateway. One of the reasons I got the deal was because I said IPSEC would be a good solution, so I don't want to back out and use another VPN option like openvpn. There seem to be problems using both the grsecurity and the freeswan patches (at least I haven't been successfull applying the patches - I tried the debian versions and the official ones from the different project sites of the patches and the kernel sources). Does anybody have debian/stable boxes running kernels with grsecurity and freeswan? Any hints/experiences to share? Thanks for all the ideas! Now that there is an updated 2.4.18 kernel source in woody I can apply the woody freeswan and grsecurity patches. The grsecurity patch had one reject (I guess because of the PTRACE bugfix) but that was easy to add by hand. Now it's up and running smooth. Hm, should I file a bug against the grsecurity patch, because of the reject with the updated kernel-source from security.debian.org? There is an older (closed) bug (#194523) along the same lines for a kernel-source package from stable-proposed-updates, but nothing for the more recent security.debian.org kernel-source. Greetings, Vinai -- Secure eMail with gnupg: See http://www.gnupg.org/ Please avoid sending me Word, Excel or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html pgpjMCAsj5EKi.pgp Description: PGP signature
Re: kernel-source 2.4.20 + grsecurity + freeswan
do you happen to have XFS patched onto that kernel? :) and what was the order of the patching? I used to use wolk patchset, it contains both grsec and xfs. Unfortunatelly wolk no longer comes with patchset so you must accept it with all the bugs and non-server-grade code. -- Dariush Pietrzak, She swore and she cursed, that she never would deceive me Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: kernel-source 2.4.20 + grsecurity + freeswan
do you happen to have XFS patched onto that kernel? :) and what was the order of the patching? I used to use wolk patchset, it contains both grsec and xfs. Unfortunatelly wolk no longer comes with patchset so you must accept it with all the bugs and non-server-grade code. -- Dariush Pietrzak, She swore and she cursed, that she never would deceive me Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9
Re: kernel-source 2.4.20 + grsecurity + freeswan
Le jeu, Jun 05, 2003 a 21:50:33 -0400, Hubert Chan a écrit: Vinai == Vinai Kopp [EMAIL PROTECTED] writes: [...] Vinai There seem to be problems using both the grsecurity and the Vinai freeswan patches (at least I haven't been successfull applying Vinai the patches - I tried the debian versions and the official ones Vinai from the different project sites of the patches and the kernel Vinai sources). I have a Debian/sid machine running a 2.4.20 kernel with both patches applied (along with a whole bunch of other patches), and had no problems applying the patches. The patches and kernel sources I got from the sid repository maybe about a month ago. I would imagine that there shouldn't be much of an issue using the patches and kernel sources from sid on a stable box. do you happen to have XFS patched onto that kernel? :) and what was the order of the patching? eric (infrequent poster) -- Hubert Chan [EMAIL PROTECTED] - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred. -- UNIX is user friendly, it's just picky about who its friends are. --- ,''`. http://www.debian.org/ | http://www.nuit.ca/ : :' : Debian GNU/Linux| http://simonraven.nuit.ca/ `. `' | PGP key ID: 6169 BE0C 0891 A038 `- | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: kernel-source 2.4.20 + grsecurity + freeswan
Le jeu, Jun 05, 2003 a 21:50:33 -0400, Hubert Chan a écrit: Vinai == Vinai Kopp [EMAIL PROTECTED] writes: [...] Vinai There seem to be problems using both the grsecurity and the Vinai freeswan patches (at least I haven't been successfull applying Vinai the patches - I tried the debian versions and the official ones Vinai from the different project sites of the patches and the kernel Vinai sources). I have a Debian/sid machine running a 2.4.20 kernel with both patches applied (along with a whole bunch of other patches), and had no problems applying the patches. The patches and kernel sources I got from the sid repository maybe about a month ago. I would imagine that there shouldn't be much of an issue using the patches and kernel sources from sid on a stable box. do you happen to have XFS patched onto that kernel? :) and what was the order of the patching? eric (infrequent poster) -- Hubert Chan [EMAIL PROTECTED] - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred. -- UNIX is user friendly, it's just picky about who its friends are. --- ,''`. http://www.debian.org/ | http://www.nuit.ca/ : :' : Debian GNU/Linux| http://simonraven.nuit.ca/ `. `' | PGP key ID: 6169 BE0C 0891 A038 `- |
kernel-source 2.4.20 + grsecurity + freeswan
Hi, currently I'm setting up a gateway machine for a small office network. After the recent threads about rooted woody boxes I feel it would be iresponsible to set up a box without a grsecurity patched kernel. The problem is I also need the box to be a VPN gateway. One of the reasons I got the deal was because I said IPSEC would be a good solution, so I don't want to back out and use another VPN option like openvpn. There seem to be problems using both the grsecurity and the freeswan patches (at least I haven't been successfull applying the patches - I tried the debian versions and the official ones from the different project sites of the patches and the kernel sources). Does anybody have debian/stable boxes running kernels with grsecurity and freeswan? Any hints/experiences to share? Is there another solution I'm missing that you would suggest? Google turned up plenty of hits, but I didn't find any solutions. Thank you and best regards, Vinai -- Secure eMail with gnupg: See http://www.gnupg.org/ pgp0.pgp Description: PGP signature
Re: kernel-source 2.4.20 + grsecurity + freeswan
On Thursday 05 June 2003 22:32, Vinai Kopp wrote: Hi Vinai, There seem to be problems using both the grsecurity and the freeswan patches (at least I haven't been successfull applying the patches - I tried the debian versions and the official ones from the different project sites of the patches and the kernel sources). Does anybody have debian/stable boxes running kernels with grsecurity and freeswan? Any hints/experiences to share? http://sf.net/projects/wolk/ http://sourceforge.net/forum/forum.php?forum_id=272768 -- ciao, Marc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: kernel-source 2.4.20 + grsecurity + freeswan
On Thu, Jun 05, 2003 at 10:32:59PM +0200, Vinai Kopp wrote: Hi, currently I'm setting up a gateway machine for a small office network. After the recent threads about rooted woody boxes I feel it would be iresponsible to set up a box without a grsecurity patched kernel. The problem is I also need the box to be a VPN gateway. One of the reasons I got the deal was because I said IPSEC would be a good solution, so I don't want to back out and use another VPN option like openvpn. There seem to be problems using both the grsecurity and the freeswan patches (at least I haven't been successfull applying the patches - I tried the debian versions and the official ones from the different project sites of the patches and the kernel sources). Does anybody have debian/stable boxes running kernels with grsecurity and freeswan? Any hints/experiences to share? Is there another solution I'm missing that you would suggest? Google turned up plenty of hits, but I didn't find any solutions. Thank you and best regards, Vinai You might want to have a look at adamantix.org. It is a woody based distro with freeswan, PAX, and RSBAC kernel patches, plus all the packages are compiled with the gcc stack smashing patch. -- Peter Hicks GnuPG public key: http://jah.net/~petong/public_key.txt Key Fingerprint: 4E24 3C78 A165 537C 729C 8D25 3547 3CE9 9E7D 42B6 There are no controlled substances, only controlled people. - Thomas Szasz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: kernel-source 2.4.20 + grsecurity + freeswan
Vinai == Vinai Kopp [EMAIL PROTECTED] writes: [...] Vinai There seem to be problems using both the grsecurity and the Vinai freeswan patches (at least I haven't been successfull applying Vinai the patches - I tried the debian versions and the official ones Vinai from the different project sites of the patches and the kernel Vinai sources). I have a Debian/sid machine running a 2.4.20 kernel with both patches applied (along with a whole bunch of other patches), and had no problems applying the patches. The patches and kernel sources I got from the sid repository maybe about a month ago. I would imagine that there shouldn't be much of an issue using the patches and kernel sources from sid on a stable box. -- Hubert Chan [EMAIL PROTECTED] - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred. pgp0.pgp Description: PGP signature
Re: kernel-source 2.4.20 + grsecurity + freeswan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, I have debian (stable) with a stock kernel from kernel.org (2.4.20) with FreeSwan 1.99 and grsecurity 1.99h. Worked without a problem so far. The order of pachtes was first FreeSwan, then grsec, if that makes any difference... Good luck, Peter - -- Dipl.-Ing. Peter Burgstaller Technical Director @ all information network services gmbh email: [EMAIL PROTECTED] phone: +43 662 452335 fax : +43 662 452335 90 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (Darwin) iEYEARECAAYFAj7gUwEACgkQezyUhHKdNXSClQCffrbGpuY7pVZ+iI7SeKdRaH/9 deUAn1++liaKV0fyE+KwJ9kBFsabWhjT =/Kgf -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: kernel-source 2.4.20 + grsecurity + freeswan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, I have debian (stable) with a stock kernel from kernel.org (2.4.20) with FreeSwan 1.99 and grsecurity 1.99h. Worked without a problem so far. The order of pachtes was first FreeSwan, then grsec, if that makes any difference... Good luck, Peter - -- Dipl.-Ing. Peter Burgstaller Technical Director @ all information network services gmbh email: [EMAIL PROTECTED] phone: +43 662 452335 fax : +43 662 452335 90 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (Darwin) iEYEARECAAYFAj7gUwEACgkQezyUhHKdNXSClQCffrbGpuY7pVZ+iI7SeKdRaH/9 deUAn1++liaKV0fyE+KwJ9kBFsabWhjT =/Kgf -END PGP SIGNATURE-
kernel-source 2.4.20 + grsecurity + freeswan
Hi, currently I'm setting up a gateway machine for a small office network. After the recent threads about rooted woody boxes I feel it would be iresponsible to set up a box without a grsecurity patched kernel. The problem is I also need the box to be a VPN gateway. One of the reasons I got the deal was because I said IPSEC would be a good solution, so I don't want to back out and use another VPN option like openvpn. There seem to be problems using both the grsecurity and the freeswan patches (at least I haven't been successfull applying the patches - I tried the debian versions and the official ones from the different project sites of the patches and the kernel sources). Does anybody have debian/stable boxes running kernels with grsecurity and freeswan? Any hints/experiences to share? Is there another solution I'm missing that you would suggest? Google turned up plenty of hits, but I didn't find any solutions. Thank you and best regards, Vinai -- Secure eMail with gnupg: See http://www.gnupg.org/ pgpPlijo8JX5v.pgp Description: PGP signature
Re: kernel-source 2.4.20 + grsecurity + freeswan
On Thursday 05 June 2003 22:32, Vinai Kopp wrote: Hi Vinai, There seem to be problems using both the grsecurity and the freeswan patches (at least I haven't been successfull applying the patches - I tried the debian versions and the official ones from the different project sites of the patches and the kernel sources). Does anybody have debian/stable boxes running kernels with grsecurity and freeswan? Any hints/experiences to share? http://sf.net/projects/wolk/ http://sourceforge.net/forum/forum.php?forum_id=272768 -- ciao, Marc