On Tuesday 03 January 2006 14:55, Lubomir Host wrote: > Hi guys, > > I have one question. It is possible to run grsecurity kernel with skas3 > UML (User Mode Linux) patch from > > http://www.user-mode-linux.org/~blaisorblade/patches/skas3-2.6/skas-2.6.14- >v8.2/skas-2.6.14-v8.2.patch.bz2 > > ? I have tried to create kernel with following patches (apply in this > order on linux-2.6.14.3): > > http://www.grsecurity.net/grsecurity-2.1.7-2.6.14.3-200512111706.patch.gz > http://www.kernel.org/pub/linux/kernel/v2.6/incr/patch-2.6.14.3-4.bz2 > http://www.kernel.org/pub/linux/kernel/v2.6/incr/patch-2.6.14.4-5.bz2 > http://www.user-mode-linux.org/~blaisorblade/patches/skas3-2.6/skas-2.6.14- >v8.2/skas-2.6.14-v8.2.patch.bz2 > > but little problem exists in linux-2.6.14.5-grsec-skas/mm/mmap.c. > Problem is with function do_mmap_pgoff(), because this function is > renamed in grsec and in skas patch too. I merge these patches together > but I don't have enought experiences to check, if everything is OK.
> Please, can somebody check my patch? My patch can be downloaded from > http://rajo.platon.sk/patches/linux-2.6/patch-2.6.14.5--grsecurity-2.1.7--s >kas3-v8.2.patch http://rajo.platon.sk/patches/linux-2.6/ I don't have the time to check right now, but last time this question was brought up I found that a straightforward merge between patches (which had exactly the same problem) had a few (conceptual/theoretical) problems about security - I don't remember the details, but I didn't publish the result as I didn't find a satisfying solution. "Satisfying" means "where all the restrictions imposed by normal GrSecurity continue to hold". -- Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!". Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894) http://www.user-mode-linux.org/~blaisorblade ___________________________________ Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB http://mail.yahoo.it ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ User-mode-linux-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
