Message-ID: <4F2BD518.2090702@whyscream.net>
Date: Fri, 03 Feb 2012 13:37:44 +0100
From: Tom Hendrikx
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2
References: <4F22A8B6.3010107@opensource.dyc.edu> <4F2AF51D.8010001@whyscream.net> <20120203025041.GB3702@gmail.com>
In-Reply-To: <20120203025041.GB3702@gmail.com>

On 03/02/12 03:50, Brian Kroth wrote:
> Tom Hendrikx 2012-02-02 21:42:
>> On 27/01/12 14:37, Anthony G. Basile wrote:
>>> Hi everyone,
>>>
>>> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They
>>> address CVE-2012-0056. I've tested and they do indeed resist the
>>> exploit. I will be stabilizing them within 24 hours. However, I feel
>>> very uncomfortable doing so because I don't want to trade one set of
>>> problems with another. If anyone has time to test, let me know if you
>>> encounter any issues.
>>>
>>
>> I am still using 2.6.* sources here on one machine pending resolution of
>> bug https://bugs.gentoo.org/show_bug.cgi?id=386721 (if it will ever
>> happen :/ ).
>
> Are those open-vm kernel modules still necessary? It was my
> understanding that most/all of the guest modules for more efficient
> virtual hardware support were included in the mainline kernel now:
>

I did some more investigation. None of the three in-tree
open-vm-tools-kmod ebuilds compile against 2.6.32-r89, building a
3.2.2-r1 kernel now to test against that.

I thought that I needed the -kmod package to run open-vm-tools in the
guest, but after some more research this might only apply when you want
drag-and-drop support (useless for (headless) server). The open-vm-tools
ebuilds list the -kmod package as a hard RDEPEND though.

I'll do some tests later today/during the weekend.

Tom