Lines 41-47
41 |
<uri link="#aclall">Is it possible to use Grsecurity, SELinux, and PaX all at the same time?</uri> |
41 |
<uri link="#aclall">Is it possible to use Grsecurity, SELinux, and PaX all at the same time?</uri> |
42 |
</li> |
42 |
</li> |
43 |
<li> |
43 |
<li> |
44 |
<uri link="#hardenedkernelpatches">Where can I find a list of patches included in hardened-dev-sources?</uri> |
44 |
<uri link="#hardenedkernelpatches">Where can I find a list of patches included in hardened-sources?</uri> |
45 |
</li> |
45 |
</li> |
46 |
<li> |
46 |
<li> |
47 |
<uri link="#libbitmap">How do I get rid of the error "Symbol __guard from module /usr/X11R6/lib/modules/fonts/ |
47 |
<uri link="#libbitmap">How do I get rid of the error "Symbol __guard from module /usr/X11R6/lib/modules/fonts/ |
Lines 85-91
85 |
<uri link="#paxinformation">What is the homepage for PaX?</uri> |
85 |
<uri link="#paxinformation">What is the homepage for PaX?</uri> |
86 |
</li> |
86 |
</li> |
87 |
<li> |
87 |
<li> |
88 |
<uri link="#paxgentoodoc">What gentoo documentation exists about PaX?</uri> |
88 |
<uri link="#paxgentoodoc">What Gentoo documentation exists about PaX?</uri> |
89 |
</li> |
89 |
</li> |
90 |
<li> |
90 |
<li> |
91 |
<uri link="#paxnoelf">I keep getting the message: "error while loading shared libraries: cannot make segment |
91 |
<uri link="#paxnoelf">I keep getting the message: "error while loading shared libraries: cannot make segment |
Lines 93-99
93 |
</uri> |
93 |
</uri> |
94 |
</li> |
94 |
</li> |
95 |
<li> |
95 |
<li> |
96 |
<uri link="#paxjava">Ever since I started using PaX I can't get java working, why?</uri> |
96 |
<uri link="#paxjava">Ever since I started using PaX I can't get Java working, why?</uri> |
97 |
</li> |
97 |
</li> |
98 |
</ul> |
98 |
</ul> |
99 |
|
99 |
|
Lines 109-115
109 |
<uri link="#grsecinformation">What is the homepage for Grsecurity?</uri> |
109 |
<uri link="#grsecinformation">What is the homepage for Grsecurity?</uri> |
110 |
</li> |
110 |
</li> |
111 |
<li> |
111 |
<li> |
112 |
<uri link="#grsecgentoodoc">What gentoo documentation exists about Grsecurity?</uri> |
112 |
<uri link="#grsecgentoodoc">What Gentoo documentation exists about Grsecurity?</uri> |
113 |
</li> |
113 |
</li> |
114 |
<li> |
114 |
<li> |
115 |
<uri link="#grsec2681">Can I use Grsecurity with a 2.6.8, 2.6.8.1, or 2.6.9 kernel?</uri> |
115 |
<uri link="#grsec2681">Can I use Grsecurity with a 2.6.8, 2.6.8.1, or 2.6.9 kernel?</uri> |
Lines 128-134
128 |
<uri link="#rsbacinformation">What is the homepage for RSBAC?</uri> |
128 |
<uri link="#rsbacinformation">What is the homepage for RSBAC?</uri> |
129 |
</li> |
129 |
</li> |
130 |
<li> |
130 |
<li> |
131 |
<uri link="#rsbacgentoodoc">What gentoo documentation exists about RSBAC?</uri> |
131 |
<uri link="#rsbacgentoodoc">What Gentoo documentation exists about RSBAC?</uri> |
132 |
</li> |
132 |
</li> |
133 |
<li> |
133 |
<li> |
134 |
<uri link="#rsbac4kstack">Ever since I upgraded my kernel RSBAC does not work correctly |
134 |
<uri link="#rsbac4kstack">Ever since I upgraded my kernel RSBAC does not work correctly |
Lines 177-183
177 |
<body> |
177 |
<body> |
178 |
|
178 |
|
179 |
<p> |
179 |
<p> |
180 |
The answer to this question is highly subjective, so the hardened gentoo project simply |
180 |
The answer to this question is highly subjective, so the hardened Gentoo project simply |
181 |
tries to lay out each technology and leave the choice up to the user. This decision requires |
181 |
tries to lay out each technology and leave the choice up to the user. This decision requires |
182 |
a lot of research that we have hopefully provided clearly in the hardened |
182 |
a lot of research that we have hopefully provided clearly in the hardened |
183 |
documentation. However, if you have any specific questions about the security model that each provides, |
183 |
documentation. However, if you have any specific questions about the security model that each provides, |
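Review bot: line 180 now reads "the hardened Gentoo project", while line 410 in this same change writes "the Gentoo hardened toolchain". Pick one word order for the project name and use it in both places, and decide whether "hardened" is capitalized as part of the name, so the capitalization cleanup leaves the FAQ consistent.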
Lines 200-210
200 |
</section> |
200 |
</section> |
201 |
|
201 |
|
202 |
<section id="hardenedkernelpatches"> |
202 |
<section id="hardenedkernelpatches"> |
203 |
<title>Where can I find a list of patches included in hardened-dev-sources?</title> |
203 |
<title>Where can I find a list of patches included in hardened-sources?</title> |
204 |
<body> |
204 |
<body> |
205 |
|
205 |
|
206 |
<p> |
206 |
<p> |
207 |
Patches for hardened-dev-sources are stored at <uri>http://dev.gentoo.org/~tseng/kernel/</uri>. |
207 |
Patches for hardened-sources are stored at <uri>http://dev.gentoo.org/~tseng/kernel/</uri>. |
208 |
To see the patch list, simply download the relevant patchset for your kernel, unpack it, and |
208 |
To see the patch list, simply download the relevant patchset for your kernel, unpack it, and |
209 |
look through the file named 0000-README. |
209 |
look through the file named 0000-README. |
210 |
</p> |
210 |
</p> |
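Review bot: line 207 renames the package to hardened-sources but keeps the same http://dev.gentoo.org/~tseng/kernel/ location. Please confirm that this directory actually carries the patchsets for hardened-sources; if it only holds the hardened-dev-sources patchsets, the answer now points readers at the wrong list. Since readers are told to download and unpack a kernel patchset from a plain http URL, it would also help to say where that patchset's integrity can be checked, if the project publishes one.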
Lines 280-286
280 |
</impo> |
280 |
</impo> |
281 |
|
281 |
|
282 |
<note> |
282 |
<note> |
283 |
If you are interested in using per-package CFLAGS with portage currently then |
283 |
If you are interested in using per-package CFLAGS with Portage then |
284 |
you may be interested in reading about the script solar has developed to deal |
284 |
you may be interested in reading about the script solar has developed to deal |
285 |
with this: <uri>http://article.gmane.org/gmane.linux.gentoo.hardened/1204</uri> |
285 |
with this: <uri>http://article.gmane.org/gmane.linux.gentoo.hardened/1204</uri> |
286 |
</note> |
286 |
</note> |
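Review bot: with "currently" dropped, lines 283-284 read "If you are interested in ... then you may be interested in reading about ...", which repeats "interested" in both halves. Suggest rewording the second half, for example "see the script solar has developed to deal with this:", while this note is being touched.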
Lines 294-300
294 |
<body> |
294 |
<body> |
295 |
|
295 |
|
296 |
<p> |
296 |
<p> |
297 |
In order to use PaX on hardened-dev-sources, you must enable Grsecurity as well |
297 |
In order to use PaX on hardened-sources, you must enable Grsecurity as well |
298 |
in your kernel config. This should be fixed in a future kernel. |
298 |
in your kernel config. This should be fixed in a future kernel. |
299 |
</p> |
299 |
</p> |
300 |
|
300 |
|
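Review bot: line 298, "This should be fixed in a future kernel", is carried over unchanged while line 297 switches the package name to hardened-sources. Please confirm the PaX-requires-Grsecurity limitation still applies to hardened-sources as stated, and if it does, name the kernel version or a bug reference instead of "a future kernel" so readers can tell when the answer stops being true.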
Lines 380-390
380 |
</section> |
380 |
</section> |
381 |
|
381 |
|
382 |
<section id="paxgentoodoc"> |
382 |
<section id="paxgentoodoc"> |
383 |
<title>What gentoo documentation exists about PaX?</title> |
383 |
<title>What Gentoo documentation exists about PaX?</title> |
384 |
<body> |
384 |
<body> |
385 |
|
385 |
|
386 |
<p> |
386 |
<p> |
387 |
Currently the only gentoo documentation that exists about Pax is a PaX quickstart |
387 |
Currently the only Gentoo documentation that exists about PaX is a PaX quickstart |
388 |
guide located at the <uri>http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml</uri> website. |
388 |
guide located at the <uri>http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml</uri> website. |
389 |
</p> |
389 |
</p> |
390 |
|
390 |
|
Lines 407-413
407 |
</pre> |
407 |
</pre> |
408 |
|
408 |
|
409 |
<p> |
409 |
<p> |
410 |
If you are using the gentoo hardened toolchain, typically compiling your programs will create |
410 |
If you are using the Gentoo hardened toolchain, typically compiling your programs will create |
411 |
PIC ELF libraries that do not contain text relocations. However, certain libraries still contain |
411 |
PIC ELF libraries that do not contain text relocations. However, certain libraries still contain |
412 |
text relocations for various reasons (often ones that contain assembly that is handled incorrectly). |
412 |
text relocations for various reasons (often ones that contain assembly that is handled incorrectly). |
413 |
This can be a security vulnerability as an attacker can use non-PIC libraries to execute his shellcode. |
413 |
This can be a security vulnerability as an attacker can use non-PIC libraries to execute his shellcode. |
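Review bot: line 413 is left as context but changes terms mid-paragraph: lines 411-412 talk about libraries that "contain text relocations", then line 413 says an attacker can use "non-PIC libraries". Since the hunk already edits this paragraph, consider making line 413 say "libraries with text relocations" so the security claim refers to the same thing the reader was just told about. The parenthetical on line 412 ("assembly that is handled incorrectly") also does not say what handles it incorrectly and could be made explicit.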
Lines 431-437
431 |
</section> |
431 |
</section> |
432 |
|
432 |
|
433 |
<section id="paxjava"> |
433 |
<section id="paxjava"> |
434 |
<title>Ever since I started using PaX I can't get java working, why?</title> |
434 |
<title>Ever since I started using PaX I can't get Java working, why?</title> |
435 |
<body> |
435 |
<body> |
436 |
|
436 |
|
437 |
<p> |
437 |
<p> |
Lines 489-495
489 |
</section> |
489 |
</section> |
490 |
|
490 |
|
491 |
<section id="grsecgentoodoc"> |
491 |
<section id="grsecgentoodoc"> |
492 |
<title>What gentoo documentation exists about Grsecurity?</title> |
492 |
<title>What Gentoo documentation exists about Grsecurity?</title> |
493 |
<body> |
493 |
<body> |
494 |
|
494 |
|
495 |
<p> |
495 |
<p> |
Lines 531-541
531 |
</section> |
531 |
</section> |
532 |
|
532 |
|
533 |
<section id="rsbacgentoodoc"> |
533 |
<section id="rsbacgentoodoc"> |
534 |
<title>What gentoo documentation exists about RSBAC?</title> |
534 |
<title>What Gentoo documentation exists about RSBAC?</title> |
535 |
<body> |
535 |
<body> |
536 |
|
536 |
|
537 |
<p> |
537 |
<p> |
538 |
All gentoo RSBAC documentation is located at the RSBAC subproject page found at: |
538 |
All Gentoo RSBAC documentation is located at the RSBAC subproject page found at: |
539 |
<uri>http://www.gentoo.org/proj/en/hardened/rsbac/index.xml</uri> |
539 |
<uri>http://www.gentoo.org/proj/en/hardened/rsbac/index.xml</uri> |
540 |
</p> |
540 |
</p> |
541 |
|
541 |
|