grsec 2.1.7 fixes the bug for 2.4.32-rc3/2.6.14.2
---------- Forwarded Message ----------
Subject: [grsec] grsecurity 2.1.7 released for Linux 2.4.32-rc3/2.6.14.2
Date: Sunday 13 November 2005 22:49
From: Brad Spengler <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
grsecurity 2.1.7 has been released for the 2.4.32-rc3 and 2.6.14.2
versions of the Linux kernel. Changes in this version include:
* The internal storing and searching of objects, subjects, and roles
in the RBAC system has been overhauled. We now use chained hash tables
that offer much better long-run performance. The IP tagging code also
benefits from this change, which should improve overall system
performance.
* Processes are now allowed to read their own /proc/<pid>/maps file,
fixing a compatibility issue with libpthread
* Many PaX updates, including a fix that corrects xargs behavior
with long argument lists
* Learning config update: /tmp, /var/tmp will always reduce
* CPU time resource limits in the RBAC system have been corrected
* Only /dev/urandom is now used for generating the salt for the
password hashes, correct the gradm -P users with low entropy for
randomness experienced. /dev/urandom is safe to use in this case, since
the salt we are generating is large compared to normal password hashing
routines, and the hash itself is kept secret while the RBAC system is
enabled.
* Usernames with "." in them are now supported in RBAC policy
* Fixed problem in RBAC system where keventd would be denied a
signal send to X11
* Fixed a problem with alarm() and the chroot restrictions
* Several other bugfixes
-Brad
-------------------------------------------------------
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
