Bug#810093: Patch

2016-02-19 Thread HacKurx
New option with grsecurity-3.1-4.4.2-201602182048.patch, you can add:
    # Disallow unprivileged use of command injection
    kernel.grsecurity.harden_tty = 1
--
Best regards, HacKurx (Loic)

Bug#810093: Patch

2016-02-02 Thread HacKurx
2016-02-01 16:00 GMT+01:00 HacKurx:
>>> 3] Consider adding in postinst "usermod -aG grsec-tpe root ||true" for
>>> avoid many problems (systemd).
>>
>> That doesn't look like a good idea at first sight. First, I'm unsure if TPE
>> restriction apply to uid 0 (and if adding it to grsec-tpe will

Bug#810093: Patch

2016-02-01 Thread HacKurx
I just saw the changes in your recent release. I still have a few remarks:
1] Recommendation from compatibility with ubuntu system: Rename grsec.conf to 10-grsec.conf or 30-grsec.conf view /etc/sysctl.d/README (ubuntu procps).
2] chmod 600 if possible! if an attacker access in system (system

Bug#810093: Patch

2016-02-01 Thread Yves-Alexis Perez
On lun., 2016-02-01 at 15:08 +0100, HacKurx wrote:
> I just saw the changes in your recent release. I still have a few remarks:
>
> 1] Recommendation from compatibility with ubuntu system: Rename
> grsec.conf to 10-grsec.conf or 30-grsec.conf view /etc/sysctl.d/README
> (ubuntu procps).
Can you

Bug#810093: Patch

2016-02-01 Thread HacKurx
2016-02-01 15:32 GMT+01:00 Yves-Alexis Perez:
> On lun., 2016-02-01 at 15:08 +0100, HacKurx wrote:
>> I just saw the changes in your recent release. I still have a few remarks:
>>
>> 1] Recommendation from compatibility with ubuntu system: Rename
>> grsec.conf to 10-grsec.conf