[gentoo-alpha] grsec patch for 2.4.23 with XFS

[gentoo-alpha] grsec patch for 2.4.23 with XFS

[Marc Giger]

Hi List,

For all who want to use XFS and grsecurity together, I've made a rediff
of grsecurity to 2.4.23

You can find it on:

http://gigerstyle.homelinux.com/grsecurity-1.9.13-2.4.23.patch.bz2

On the sgi website you can find the xfs-patches for 2.4.23.

I've tested it under different loads and it works perfectly for me

Have a lot of fun

greets

Marc

--
gentoo-alpha@gentoo.org mailing list

Re: [gentoo-alpha] grsec patch for 2.4.23 with XFS

[Aron Griffis]

[-- Attachment #1: Type: text/plain, Size: 507 bytes --]

Marc Giger wrote:	[Wed Dec 10 2003, 01:08:04PM EST]
> For all who want to use XFS and grsecurity together, I've made a rediff
> of grsecurity to 2.4.23

So would we lose any functionality by providing an alpha-sources that
uses this patch?  I.e. is there anything else in alpha-sources-2.4.21-r2
that would be missing from 2.4.23 with this patch?

Aron

-- 
Aron Griffis
Gentoo Linux Developer (alpha / ia64 / ruby / vim)
Key fingerprint = E3B6 8734 C2D6 B5E5 AE76  FB3A 26B1 C5E3 2010 4EB0


[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-alpha] grsec patch for 2.4.23 with XFS

[Marc Giger]

On Wed, 10 Dec 2003 14:15:39 -0500
Aron Griffis <agriffis@gentoo.org> wrote:

> Marc Giger wrote:	[Wed Dec 10 2003, 01:08:04PM EST]
> > For all who want to use XFS and grsecurity together, I've made a
> > rediff of grsecurity to 2.4.23
> 
> So would we lose any functionality by providing an alpha-sources that
> uses this patch?  I.e. is there anything else in
> alpha-sources-2.4.21-r2 that would be missing from 2.4.23 with this
> patch?

I hope you mean 2.4.21-r1? Never seen a -r2 ebuild

Yep 

USAGI (IPV6 / Ipsec) will be missing.

superfreeswan (Ipsec) will be missing.

patch-int (crypto modules?) Are now in the official vanilla-kernel

loop-jari (also crypto modules?) Are now in the official vanilla-kernel

do_brk_fix.patch is in official-vanilla-tree

If there is interest in these patches I can see what I can do

greets

Marc

--
gentoo-alpha@gentoo.org mailing list

Re: [gentoo-alpha] grsec patch for 2.4.23 with XFS

[Aron Griffis]

[-- Attachment #1: Type: text/plain, Size: 996 bytes --]

Marc Giger wrote:	[Wed Dec 10 2003, 03:23:23PM EST]
> I hope you mean 2.4.21-r1? Never seen a -r2 ebuild

Right, that's because I forgot to commit it... 6 days ago.  It's just a
rev-bump to push out the do_brk fix.  I've committed it now.

> Yep 
> 
> USAGI (IPV6 / Ipsec) will be missing.
> 
> superfreeswan (Ipsec) will be missing.
> 
> patch-int (crypto modules?) Are now in the official vanilla-kernel
> 
> loop-jari (also crypto modules?) Are now in the official vanilla-kernel
> 
> do_brk_fix.patch is in official-vanilla-tree
> 
> If there is interest in these patches I can see what I can do

That would be fantastic.  I'm just hesitant to release a new
alpha-sources that would regress by offering fewer features.  If you
manage to add those patches, it would be an easy choice to release
alpha-sources-2.4.23

Aron

-- 
Aron Griffis
Gentoo Linux Developer (alpha / ia64 / ruby / vim)
Key fingerprint = E3B6 8734 C2D6 B5E5 AE76  FB3A 26B1 C5E3 2010 4EB0


[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-alpha] grsec patch for 2.4.23 with XFS

[Marc Giger]

On Wed, 10 Dec 2003 15:33:58 -0500
Aron Griffis <agriffis@gentoo.org> wrote:

> Marc Giger wrote:	[Wed Dec 10 2003, 03:23:23PM EST]
> > I hope you mean 2.4.21-r1? Never seen a -r2 ebuild
> 
> Right, that's because I forgot to commit it... 6 days ago.  It's just
> a rev-bump to push out the do_brk fix.  I've committed it now.

Sorry, why to push out the do_brk fix? It's fixed only since 2.4.23
or do I missing something??

> 
> > Yep 
> > 
> > USAGI (IPV6 / Ipsec) will be missing.
> > 
> > superfreeswan (Ipsec) will be missing.
> > 
> > patch-int (crypto modules?) Are now in the official vanilla-kernel
> > 
> > loop-jari (also crypto modules?) Are now in the official
> > vanilla-kernel
> > 
> > do_brk_fix.patch is in official-vanilla-tree
> > 
> > If there is interest in these patches I can see what I can do
> 
> That would be fantastic.  I'm just hesitant to release a new
> alpha-sources that would regress by offering fewer features.  If you
> manage to add those patches, it would be an easy choice to release
> alpha-sources-2.4.23

Ok, I will see what and when I can do it. I think I will build it on
top of the XFS patches. Is this ok?
And whats about grsec? Should it be included too?

Marc

--
gentoo-alpha@gentoo.org mailing list

Re: [gentoo-alpha] grsec patch for 2.4.23 with XFS

[Aron Griffis]

[-- Attachment #1: Type: text/plain, Size: 1195 bytes --]

Marc Giger wrote:	[Wed Dec 10 2003, 05:40:43PM EST]
> Sorry, why to push out the do_brk fix? It's fixed only since 2.4.23
> or do I missing something??

The stable alpha-sources was 2.4.21-r1.  The do_brk fix was added to all
existing alpha-sources ebuilds, but that doesn't push the fix out for
users when they do "emerge -u world" ... for that one needs to bump the
revision.

The rule in Gentoo is: 
    - If it's a compile-time problem, don't need to bump the revision
      (because the user couldn't compile it anyway).
    - If it's a run-time problem, bump the revision so that users will
      get the new package when they update.

> Ok, I will see what and when I can do it. I think I will build it on
> top of the XFS patches. Is this ok?
> And whats about grsec? Should it be included too?

Yeah, I'd say just keep both of them.  If alpha users don't want those
patches, they can always use vanilla sources or roll their own.
alpha-sources is intended to be like gentoo-sources, but for alpha...

Thanks!

Aron

-- 
Aron Griffis
Gentoo Linux Developer (alpha / ia64 / ruby / vim)
Key fingerprint = E3B6 8734 C2D6 B5E5 AE76  FB3A 26B1 C5E3 2010 4EB0


[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]