The grsec patch in hardened-sources-2.6.32-r18 and hardened-sources-2.6.34-r6
Running 2.6.34-r6 fine and stable.
*** Bug 338025 has been marked as a duplicate of this bug. ***
Created attachment 248720
Backported patch for 18.104.22.168
Applies cleanly to a stock 22.214.171.124 tree.
Hunk #1 FAILED at 360.
1 out of 1 hunk FAILED -- saving rejects to file include/linux/compat.h.rej
We need this to apply to -r10, I will look at it tonight after work.
> We need this to apply to -r10, I will look at it tonight after work.
I can't reproduce this failure ...
# ACCEPT_KEYWORDS="~amd64" emerge =gentoo-sources-2.6.34-r10
# cp -a linux-2.6.34-gentoo-r10 linux-2.6.34-gentoo-r10.orig
# cd linux-2.6.34-gentoo-r10
# patch -p1 < ../126.96.36.199_compat_alloc_user_space-incorporate-access_ok.patch
patching file arch/ia64/include/asm/compat.h
patching file arch/mips/include/asm/compat.h
patching file arch/parisc/include/asm/compat.h
patching file arch/powerpc/include/asm/compat.h
patching file arch/s390/include/asm/compat.h
patching file arch/sparc/include/asm/compat.h
patching file arch/x86/include/asm/compat.h
patching file include/linux/compat.h
patching file kernel/compat.c
# md5sum ../188.8.131.52_compat_alloc_user_space-incorporate-access_ok.patch
I am using genpatches/2.6.34 right from svn. Possibly I have something in there that is not yet in r10.
I will have to look at this after work. Real job first.
Created attachment 248808
Patches cleanly against 2.6.34-r10
Adding patch tested to work against 2.6.34-r10
Created attachment 248810
2.6.34-r10 ebuild using 2.6.34-compat-alloc.patch
Released in gentoo-sources-2.6.34-r11.
For anyone who is concerned that they may have been exposed and subsequently exploited, here is a tool from Ksplice which checks for known backdoors:
Please consult the Gentoo Linux vulnerability treatment guide if you have further questions regarding the severity, before changing it.
I read it and am unable to fathom how the evaluation can be determined as anything other than A1 (critical) ...
A = System/Common Package
1 = Local privilege escalation: flaw allowing root compromise when you have local access