11883 – Grsecurity stealth needs iptables patch

Bug 11883 - Grsecurity stealth needs iptables patch

Summary: Grsecurity stealth needs iptables patch

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	x86 Linux

Importance:	High normal (vote)
Assignee:	Joshua Brindle (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-12-10 01:18 UTC by DC
Modified:	2003-02-04 19:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description DC 2002-12-10 01:18:00 UTC

Grsecurity adds a kernel patch for stealth matching in iptables. However, it's
useless unless a grsecurity patch is also applied to iptables itself. The
necessary patch is at <http://www.grsecurity.net/download.php>.

Comment 1 Joshua Brindle (RETIRED) gentoo-dev

2002-12-10 10:16:58 UTC

will this patch cause problems if a user does not have grsecurity in the 
kernel, or has it but not enabled?

Comment 2 DC 2002-12-10 17:15:30 UTC

I haven't tested it without grsecurity in the kernel, but I don't think it would
cause a problem. The patch merely adds an extra extension module
(libipt_stealth.so) to be built with iptables; iptables itself is not changed.
The only problem might be if someone tries to use stealth matching without
actually having compiled kernel support for it--I do not know what would happen
then.

Comment 3 Joshua Brindle (RETIRED) gentoo-dev

2002-12-10 21:30:01 UTC

sys-apps/iptables-1.2.7a-r1
masked with ~x86 for testing
enjoy.