I am pleased to present the following patchset with a view to its being committed as the initial hardened-sources-2.6.24 release.

http://confucius.dh.bytemark.co.uk/~kerin.millar/

The sha256sum for the hardened-patches-2.6.24-1.tar.bz2 archive is as follows:

686d535fd118e95d9ce85f8cc67d560df83c9a8422c26fa5330c7cfafad84286

Many thanks are due to Gordon Malm for his outstanding contributions.

These are the changes, relative to 2.6.23-r9:

* Re-based upon 2.6.24 + genpatches-2.6.24-5
* Incorporates unmodified grsec-2.1.11-2.6.24.4-200803262003 patch
* Introduces bespoke server and workstation oriented security levels
* Allows PaX to be enabled without grsecurity
* VDSO_COMPAT cannot be enabled during runtime if PaX is enabled

Thanks. I tried vanilla 2.6.24.4 + grsec-2.1.11-2.6.24.4-200803262003.patch and it made my machine freeze *hard* without any oops/panic at all. The only thing I changed in the .config from my tries with 2.6.23-hardened-r9 was that I disabled CONFIG_PAX_MEMORY_SANITIZE and CONFIG_PAX_MEMORY_UDEREF.
> * Allows PaX to be enabled without grsecurity

Thank you much, Kerin. Just a reminder, this is not an actual change relative to 2.6.23-r9; we just split it out of the unrelated patch it has been contained in for many releases. With all the discussions, work and basically complete audit we have done, I can certainly understand the mixup.
OK, I added the ebuild with a slight modification to the tree. Thanks a lot for your effort Kerin and Gordon.