From: Constantine Kardaris
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] PAX bug?
Date: Sat, 15 May 2010 12:37:58 +0300
In-Reply-To: <4BEE5F75.8060005@topphemmelig.net>
References: <20100512215509.GD1987@home.power> <4BEDE792.6400.8DAE8@pageexec.freemail.hu> <4BEE5F75.8060005@topphemmelig.net>

add "anarchy" overlay
http://git.overlays.gentoo.org/gitweb/?p=dev/anarchy.git;a=tree;f=sys-kernel/hardened-sources;h=398bb516fac60966b6f83d9335f4b530cc0e7406;hb=HEAD

On Sat, May 15, 2010 at 11:46 AM, David Sommerseth <gentoo.list@topphemmelig.net> wrote:

> On 15/05/10 02:15, pageexec@freemail.hu wrote:
> > On 13 May 2010 at 0:55, Alex Efros wrote:
> >
> >> Server was rebooted, now everything is fine. Server software is nearly
> >> up-to-date x86 Gentoo (last update was 2-3 weeks ago), kernel is
> >> sys-kernel/hardened-sources-2.6.28-r9.
> >
> > i'd need the vmlinux image to tell for sure but it's most likely a false positive
> > that has been fixed since in later kernels, so please try to use something we actually
> > support (.32 or .33, soon .34), not .28.
>
> I'm sorry for probably being quite upset now.  But in regards to the
> supported version, that sounds like utter nonsense to me.  I just
> updated the portage tree ... and this is what is available there:
>
> $ find /usr/portage/sys-kernel/hardened-sources
> /usr/portage/sys-kernel/hardened-sources
> /usr/portage/sys-kernel/hardened-sources/metadata.xml
> /usr/portage/sys-kernel/hardened-sources/Manifest
> /usr/portage/sys-kernel/hardened-sources/ChangeLog
> /usr/portage/sys-kernel/hardened-sources/hardened-sources-2.6.25-r13.ebuild
> /usr/portage/sys-kernel/hardened-sources/hardened-sources-2.6.26-r9.ebuild
> /usr/portage/sys-kernel/hardened-sources/hardened-sources-2.6.28-r9.ebuild
> /usr/portage/sys-kernel/hardened-sources/hardened-sources-2.6.29.ebuild
> /usr/portage/sys-kernel/hardened-sources/hardened-sources-2.6.28-r7.ebuild
>
> I simply do not see that .32, .33 nor any .34 kernels have been made
> available nor marked as stable.  And I am not using a fixed mirror in
> /etc/make.conf.
>
> This is once again a repetition of a similar discussion a few weeks
> ago, where several of us raised the concern about an outdated hardened
> stable kernel.
>
> I might have missed some obvious information, but I cannot see anywhere
> among the hardened project documentation pages that we should expect to
> find the hardened kernels anywhere else.
>
> <http://www.gentoo.org/doc/en/?catid=project>
> <http://www.gentoo.org/proj/en/hardened/>
>
> We *seriously* need to get this clarified now.  There might even be a
> lot of users who don't visit the hardened IRC channel or the mailing
> list - and they are most probably running a .28-r9 kernel, which is the
> latest stable kernel - at least how I can understand it ... this
> situation is making me uncomfortable and quite worried now!
>
>
> kind regards,
>
> David Sommerseth
