grsecurity 2.1.6 has been released for the 2.4.31 and 2.6.11.12 versions of the Linux kernel. Changes in this version include:

* PaX updates
* Inverted socket policies (see the sample policy with gradm for syntax)
* gradm now can work on both 2.4 and 2.6 kernels without requiring a recompile for the currently running kernel
* ATI Radeon (and more) video cards will work properly with the /dev/(k)mem restriction feature
* PAM authentication support has been added to the RBAC system for special roles, which allows you to use a variety of different authentication methods in place of the regular kernel-based password authentication.
* A new subject flag was added to be placed on binaries that are allowed to communicate with the /dev/grsec device. The "a" mode should be added to special roles like the admin role. The sample policy has been updated to reflect this change.
* The learn_config file has been updated with new rules to facilitate better reduced policies
* The always-reduce-path directive in learn_config is now interpreted by the learning daemon itself, allowing paths to be rewritten before they ever reach the disk
* Various other bugs have been fixed, including improper role reduction in some cases in policy generation

Reproducible: Always

grsec-sources (and other sources using grsec) should be updated to kernel 2.4.31 (or 2.6.11.12), which solves some security-related bugs.
hardened-sources-2.4.31 ~x86 is in the tree. gradm-2.1.6.XX is in the tree now also.
hardened-sources-2.6.11-r14 is in the tree with keywords 'x86 ppc amd64'. It is based off 2.6.11.12 and has grsec 2.1.6.
What about new grsec-sources? (Will they switch to kernel-2.6 soon?) Or do you recommend switching to hardened-sources, even if I only need grsec?
grsec-sources are going to be dropped from the tree. hardened-sources is recommended for both 2.4.x and 2.6.x.
(In reply to comment #3)
> What about new grsec-sources?

See the grsec-sources ChangeLog entry from 29 Apr 2005