rsbac-sources and PaX
Hi all, I saw that in the last ebuild (3.4.1), PaX is in
UNIPATCH_EXCLUDE. What have you planned about this?

I also knew of the existence of a base rsbac_policy based hardened gentoo
subproject. Is there anything written about it?

Thanks for all.
rsbac-sources and PaX [ In reply to ]
Hi all, I saw that in the last ebuild (3.4.1), PaX is in
UNIPATCH_EXCLUDE. What have you planned about this?

I also knew of the existence of a base rsbac_policy based hardened gentoo
subproject. Is there anything written about it?

Thanks for all.


PS: klondike, if you check the logs from the mailing list, "someone"
sent this mail by mistake to gentoo-hardened@lists.gentoo.org, just me...
please burn it.
Re: rsbac-sources and PaX [ In reply to ]
On 11/22/2012 12:49 PM, Javier Juan Martínez Cabezón wrote:
>
>
> Hi all, I saw that in the last ebuild (3.4.1), PaX is in
> UNIPATCH_EXCLUDE. What have you planned about this?
>
> I also knew of the existence of a base rsbac_policy based hardened gentoo
> subproject. Is there anything written about it?
>
> Thanks for all.
>

When last I tried to apply the pax patches on top of rsbac, they did not
go. People kept saying they did, but they did not without hacking. If
you want to provide me with an rsbac patchset and pax patchset that are
compat I will try again.


--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
Re: rsbac-sources and PaX [ In reply to ]
On 01/12/12 21:37, Anthony G. Basile wrote:
> On 11/22/2012 12:49 PM, Javier Juan Martínez Cabezón wrote:
>>
>>
>> Hi all, I saw that in the last ebuild (3.4.1), PaX is in
>> UNIPATCH_EXCLUDE. What have you planned about this?
>>
>> I also knew of the existence of a base rsbac_policy based hardened gentoo
>> subproject. Is there anything written about it?
>>
>> Thanks for all.
>>
>
> When last I tried to apply the pax patches on top of rsbac, they did not
> go. People kept saying they did, but they did not without hacking. If
> you want to provide me with an rsbac patchset and pax patchset that are
> compat I will try again.
>
>

Hi Anthony, thanks for your reply. I think that there is no PaX
version compatible with the rsbac patch by default without patching by hand.
There are always rejections in mm.c and some others, always in the
same places, and it seems it will not change in the future.

This is really tricky because to solve it I don't always know if I'm
doing things in a correct way.
Re: rsbac-sources and PaX [ In reply to ]
This is the patch.

linuxnopax is kernel 3.4.1 with the rsbac patch applied and PaX broken
where patching failed (rejections and orig files excluded); linux 3.4.1 is
PaX and rsbac patched with the rejections solved by hand.

Surely I broke things and maybe a 5-year-old child would do a better job
than me. Can you tell me your opinion? Are there broken things?





On 01/12/12 21:37, Anthony G. Basile wrote:
> On 11/22/2012 12:49 PM, Javier Juan Martínez Cabezón wrote:
>>
>>
>> Hi all, I saw that in the last ebuild (3.4.1), PaX is in
>> UNIPATCH_EXCLUDE. What have you planned about this?
>>
>> I also knew of the existence of a base rsbac_policy based hardened gentoo
>> subproject. Is there anything written about it?
>>
>> Thanks for all.
>>
>
> When last I tried to apply the pax patches on top of rsbac, they did not
> go. People kept saying they did, but they did not without hacking. If
> you want to provide me with an rsbac patchset and pax patchset that are
> compat I will try again.
>
>
Re: rsbac-sources and PaX [ In reply to ]
On 03/12/12 17:58, Javier Juan Martínez Cabezón wrote:
>
> This is the patch.
>
> linuxnopax is kernel 3.4.1 with the rsbac patch applied and PaX broken
> where patching failed (rejections and orig files excluded); linux 3.4.1 is
> PaX and rsbac patched with the rejections solved by hand.
>
> Surely I broke things and maybe a 5-year-old child would do a better job
> than me. Can you tell me your opinion? Are there broken things?
>
>
>
>
>
> On 01/12/12 21:37, Anthony G. Basile wrote:
>> On 11/22/2012 12:49 PM, Javier Juan Martínez Cabezón wrote:
>>>
>>>
>>> Hi all, I saw that in the last ebuild (3.4.1), PaX is in
>>> UNIPATCH_EXCLUDE. What have you planned about this?
>>>
>>> I also knew of the existence of a base rsbac_policy based hardened gentoo
>>> subproject. Is there anything written about it?
>>>
>>> Thanks for all.
>>>
>>
>> When last I tried to apply the pax patches on top of rsbac, they did not
>> go. People kept saying they did, but they did not without hacking. If
>> you want to provide me with an rsbac patchset and pax patchset that are
>> compat I will try again.
>>
>>
>

I have just compiled it on my computer without incidents but...
WARNING: modpost: Found 11411 section mismatch(es).
I only modified 6 source code files, just a record to have 11411
mismatches.

Probably my "patch" finally makes my kernel start making coffee instead
of protecting memory or implementing MAC.... I will see.