Linux 2.4.21, GrSecurity 1.9.10 & 2.0-pre5

Linux

Nos, végre valahára kiadták a 2.4.21-et, nem voltam benne biztos, hogy megérjük :)

Ezzel egy időben megjelent a GrSecurity patch 1.9.10-es stabil és 2.0-pre5-ös verziója is a 2.4.21-hez, persze.

Kernel:

linux-2.4.21.tar.bz2

patch-2.4.21.bz2

GrSecurity:

grsecurity-1.9.10-2.4.21.patch

grsecurity-2.0-pre5-2.4.21.patchÍme Brad levele:

From: spender@grsecurity.net

Reply-To: grsecurity@grsecurity.net

To: grsecurity@grsecurity.net

Subject: [grsec] grsecurity 1.9.10 and 2.0-pre5 released for Linux 2.4.21

grsecurity 1.9.10 and 2.0-pre5 have been released for the 2.4.21 kernel.

Changes in 1.9.10 include mainly bugfixes (in particular, one for the

NPROC restriction and one with ACL recreation).

2.0-pre5 offers several new features. The ability to create or modify an

object to be setuid or setgid has been made into an object mode "m".

Creating an object has been made into an object mode "c". Deleting an

object has been made into an object mode "d". These new modes were

created out of a need to be more fine-grained in policies. These modes

are particularly useful to prevent unauthorized transitions to root by

creating a rootshell, for instance. They are also useful for protecting

devices such as terminals, since they can be written to by unprivileged

users, but should be protected from creation or deletion by everyone but

privileged processes. The next generation of learning code is almost

complete. It will allow administrators using grsecurity 2.0 to perform

full system learning: grsecurity will learn all accesses made to the

system, and will generate roles, subjects, and objects to match that

usage. The code also performs intelligent reduction of policies: If you

have 5 users active on the system during learning, each belonging to the

group "users," instead of adding a role for each user, a role will be

added for the group. Greater analysis will be performed on reducing

subjects and objects than is performed currently in 1.9.x. The new

learning code will be available in 2.0-rc1, which will be the next

release of the 2.0 tree after 2.0-pre5.

Enjoy

-Brad


grsecurity-1.9.10-2.4.21.patch

grsecurity-2.0-pre5-2.4.21.patch

( Kaloz v | 2003. 06. 15., v – 05:06 )

honlapon imho eleg korrektul le van irva ;)

amugy fo ujdonsag, hogy role based az ACL rendszer..