2.4.9 etc.


From: Bencsath Boldizsar <boldi@datacontact.hu>
Subject: 2.4.9 etc.
Date: Thu, 23 Aug 2001 15:25:10 +0200 (CEST)



I tried to finally hack together a stable kernel with 'features', and it
seems to be ok.
So:
Linux kernel 2.4.9
+
rsbac 1.1.2pre10
+
grsecurity 1.7
+
xfs file system
+
freeswan snapshot
+
vlan patch

Problems while patching:

the minimum function (defined in rsbac as a simple macro) has changed in
2.4.9, so vlan, rsbac and freeswan patches do not compile.

include/rsbac/types.h has been changed to:
#ifndef minimum
#define minimum(a,b) (((a)<(b))?(a):(b))
#endif
and also every use of min() had to do so...

Vlan patch and freeswan don't like each other in net/Makefile, both
would write
subdir-$(CONFIG_VLAN_8021Q)           += 8021q
and
subdir-$(CONFIG_IPSEC)          += ipsec
to the end..

Rsbac and grsecurity also had about 10 patch problems. (they try to patch
the same place).
NTFS module doesn't compile -> another problem with min() -> I didn't
correct this one.

entry.s patch problems occur rsbac<->xfs, both wish to write some 10s of
lines to the end of a list.

sysctl.h had problems with grsecurity:
Another patch tried to attach KERN_NMI_WATCHDOG=52 while grsecurity also
tried to add an enum with this number.


Anyhow: The files were successfully patched, the result is at
http://db.ebizlab.hit.bme.hu/~boldi/rsbac.html if anyone is interested.
(MD5:95919e0a450c161627e87bfb7f4409a1)

A small bug:
If You try to use PAX buffer overflow protection from grsecurity and rsbac
together, the boot process stops after rsbacd initializing() and before
INIT process starts. I couldn't figure out the reason...

For freeswan I've used the snapshot aug21a, to use it:
tar xfvz snapshot
cd freeswan...
make programs
make install
 (do not run makego-> patching won't go...)
cd ../linux
...
make bzImage (already patched with ipsec)
...

hope this helps someone..
boldi
ps. it would be great to find out some way to make patches compatible with
each other, e.g. if some functions in the original kernel could contain
such lines:

//####### this is a place for rsbac patches
//####### magic 35252435
//####### magic 334634659439
//####### magic sdf394fwe
//####### magic 09348234
//####### magic 3249283423
//####### this is a place for grsec patches
//####### magic 3werwerw35
//####### magic 33576456435439
//####### magic sd342342we
//####### magic 09334234234
//####### magic 63245234234


Then the patches could be inserted below the 'magic' lines without
spoiling other patches... And this wouldn't collapse the main kernel
distrib... (You surely know why they don't do things like that but I don't
;-) )
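
Added example, not part of the original post: C accepts two enumerators with the same value, so a sysctl.h number clash like the KERN_NMI_WATCHDOG=52 one described above compiles silently once both patches apply. This checker reports duplicated values in an enum; the header text and every name other than KERN_NMI_WATCHDOG=52 are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample: a sysctl.h-style enum after two patches each appended
# an entry. KERN_NMI_WATCHDOG=52 is from the post; every other name and
# number is a placeholder, not taken from any real kernel or patch.
SAMPLE_HEADER = """
enum
{
	KERN_PLACEHOLDER_A=50,	/* constructed */
	KERN_PLACEHOLDER_B,	/* implicit value: 51 */
	KERN_NMI_WATCHDOG=52,	/* added by one patch */
	KERN_PLACEHOLDER_GRSEC=52,	/* added by the other patch */
};
"""

ENUM_BODY = re.compile(r"\benum\b[^{;]*\{(.*?)\}", re.S)
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
ENTRY = re.compile(r"^([A-Za-z_]\w*)\s*(?:=\s*(-?(?:0[xX][0-9a-fA-F]+|0|[1-9]\d*)))?$")


def enum_values(source):
    """Yield (enum_index, name, value) for every enumerator in C source."""
    source = COMMENT.sub("", source)
    for index, match in enumerate(ENUM_BODY.finditer(source)):
        value = -1  # C starts at 0 and adds 1 when no value is given
        for item in match.group(1).split(","):
            entry = ENTRY.match(item.strip())
            if not entry:
                continue  # blank tail, octal or expression: skipped here
            name, literal = entry.groups()
            value = int(literal, 0) if literal else value + 1
            yield index, name, value


def find_collisions(source):
    """Return {(enum_index, value): [names]} for values assigned twice."""
    seen = defaultdict(list)
    for index, name, value in enum_values(source):
        seen[(index, value)].append(name)
    return {key: names for key, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for (index, value), names in find_collisions(SAMPLE_HEADER).items():
        print(f"enum #{index}: value {value} shared by {', '.join(names)}")
```

Run it over the patched header after each patch in the stack is applied, so the patch that introduced the clash is obvious.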



