Re: grsecurity patch (woody kernel 2.4.18)
On Thu, 17 Oct 2002 17:53, WebMaster wrote:
> hello,
>
> can i safely apply the grsecurity patch?
Yes. It does nothing by default. The patch version in woody has a build bug,
so you'll have to hit it with a stick first:
-----------------------------8<----------------------------
The problem is in the patch snippet below. It sets the EXTRAVERSION which is
now apparently against Debian policy. If you find a kernel patch package
that touches EXTRAVERSION then file a bug report asking that it be removed.
Also you should probably file a wishlist bug report against kernel-package
requesting that it report this BEFORE compilation to save you wasting time
waiting for a compile that is eventually aborted.
diff -urN linux/Makefile linux/Makefile
--- linux/Makefile 2002-08-02 11:20:20.000000000 -0400
+++ linux/Makefile 2002-08-01 19:21:55.000000000 -0400
@@ -1,7 +1,7 @@
VERSION = 2
PATCHLEVEL = 4
SUBLEVEL = 19
-EXTRAVERSION =
+EXTRAVERSION = -grsec
------------------------------------8<---------------------------------
(Fix courtesy of Russel Coker; I applied a similar fix directly to the
patch itself, by hand).
> if this patch make servers more secure just by apply it (without acl),
> why isn it applied by default?
Many of the features can cause things to break, depending on what you
have running on your system - even the non-executable stack code, which
is all I'm running at the moment. The help attached to each option is fairly
good, so with a little experimentation, you'll be able to find a set of
options suitable for your setup.
John
Reply to: