[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#605090: Updated patch

On Tue, Jan 18, 2011 at 06:32:50PM +0100, Yves-Alexis Perez wrote:
> I've started working on 2.6.37 since Brad Sprengler recently released
> the grsecurity patch for that kernel.

Is there VCS or is this just a code drop without information about
changes? I was not even able to find older patches. Who does code
reviews without that information?

The patch includes several modifications to selinux and random other
parts. Why are they not merged? Please show that they have been
submitted at least.

> Initial packaging for linux-grsec-base is at
> http://git.debian.org/?p=collab-maint/linux-grsec-base.git;a=summary if
> needed.

Why is this not part of the patch below?

Currently the patch only includes informations for i386 and amd64.
Please state your intentions about other architectures.

> +  [ Yves-Alexis Perez ]
> +  * Add a grsecurity featureset.

*nitpick* the patch calls it "Grsecurity".

> Index: debian/config/featureset-grsec/config
> ===================================================================
> --- debian/config/featureset-grsec/config	(revision 0)
> +++ debian/config/featureset-grsec/config	(revision 0)
> @@ -0,0 +1,152 @@
> +CONFIG_DEBUG_STRICT_USER_COPY_CHECKS=y

Please show why this should not be enabled globaly.

> +CONFIG_DEBUG_RODATA=y

x86 specific and default on.

Bastian

-- 
It would be illogical to kill without reason.
		-- Spock, "Journey to Babel", stardate 3842.4
Reply to: