Okay, so grsecurity released a developmental version of the 2.6.18
grsecurity patch.
However, the entropy patch was taken from this in the past and they
clearly conflict with each other.
The difference is that the entropy patch supplies an option to select
small, medium, or large, whereas the grsecurity only gives small or
large.
So, after looking into the relevant part of grsecurity, I noticed
that part of what seems to be a relevant change is not present in the
entropy patch, ultimately causing an unobvious conflict that may
result in bugs or security problems. (In the case of grsecurity being
set to large in its own settings, while the entropy_pool_size is set
to medium or small, the grsecurity part will attempt to address or use
more than is available.)
I made the necessary changes to the entropy_pool_size, but the
grsecurity will need to have that one portion re-diffed, but that can
wait until a more stable grsecurity is released for the 2.6.18.
Unfortunately, I do not know the proper values for the Medium size,
whose values I guessed, which means I need some help getting the
correct values for this:
/* Default to vanilla pool size. */
/* x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 -- 105 */
{ 128, 103, 76, 51, 25, 1 },
/* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */
{ 32, 26, 20, 14, 7, 1 },
grsecurity changes it to this when set to large:
/* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
{ 512, 411, 308, 208, 104, 1 },
/* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */
{ 128, 103, 76, 51, 25, 1 },
But what are the correct values for medium? I tried the following:
/* x^256 + x^207 + x^156 + x^107 +x^61 + x + 1 -- 105 */
{ 256, 207, 156, 107, 61, 1 },
/* x^64 + x^52 + x^40 + x^28 + x^16 + x + 1 -- 15 */
{ 64, 52, 40, 28, 16, 1 },
The kernel source says the following about the numbers mentioned, but
I know nothing of primitive polynomial of degree .poolwords over
GF(2):
* A pool of size .poolwords is stirred with a primitive polynomial
* of degree .poolwords over GF(2). The taps for various sizes are
* defined below. They are chosen to be evenly spaced (minimum RMS
* distance from evenly spaced; the numbers in the comments are a
* scaled squared error sum) except for the last tap, which is 1 to
* get the twisting happening as fast as possible.
--
Kevin Day
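
The following is an added example, not part of the original message and not kernel or grsecurity code: it scores the spacing of each tap row quoted above. The struct and function names are hypothetical, and the scoring rule (ideal taps at 1 + k*(poolwords-1)/5, squared errors scaled by 25) is an assumption inferred because it reproduces the 15, 105 and 225 in the quoted comments.

```c
#include <stdio.h>

/* Hypothetical mirror of one tap-table row: { poolwords, tap1..tap5 }. */
struct pool_row { int poolwords; int tap[5]; };

/* Rows copied from the message; the last two are the guessed "medium" rows. */
static const struct pool_row rows[] = {
    { 128, { 103,  76,  51,  25, 1 } },
    {  32, {  26,  20,  14,   7, 1 } },
    { 512, { 411, 308, 208, 104, 1 } },
    { 256, { 207, 156, 107,  61, 1 } },
    {  64, {  52,  40,  28,  16, 1 } },
};

/* Structural check: taps strictly decrease, stay below poolwords, end at 1.
 * A tap at or above poolwords would index past the end of the pool. */
static int row_is_well_formed(const struct pool_row *r)
{
    int prev = r->poolwords;
    for (int i = 0; i < 5; i++) {
        if (r->tap[i] < 1 || r->tap[i] >= prev)
            return 0;
        prev = r->tap[i];
    }
    return r->tap[4] == 1;
}

/* Assumed scoring rule: the k-th tap above the final tap (1) ideally sits at
 * 1 + k*(poolwords-1)/5. Errors are kept in fifths so the sum stays integral,
 * which is the same as multiplying the squared error sum by 25. */
static long spacing_score(const struct pool_row *r)
{
    long sum = 0;
    for (int k = 1; k <= 4; k++) {
        long err5 = 5L * r->tap[4 - k] - (5L + (long)k * (r->poolwords - 1));
        sum += err5 * err5;
    }
    return sum;
}

int main(void)
{
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++)
        printf("poolwords=%3d well_formed=%d score=%ld\n", rows[i].poolwords,
               row_is_well_formed(&rows[i]), spacing_score(&rows[i]));
    return 0;
}
```

The score measures only how evenly the taps are spaced; it does not test whether the polynomial is primitive over GF(2), which needs a separate check.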