From: Heiko Z. <smi...@us...> - 2007-10-25 22:12:10
|
Update of /cvsroot/devil-linux/build/scripts/config/linux-2.6 In directory sc8-pr-cvs12.sourceforge.net:/tmp/cvs-serv30920/scripts/config/linux-2.6 Modified Files: config_grsecurity Log Message: one step closer to get grsecurity working (still not there) Index: config_grsecurity =================================================================== RCS file: /cvsroot/devil-linux/build/scripts/config/linux-2.6/config_grsecurity,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- config_grsecurity 1 May 2007 00:30:31 -0000 1.7 +++ config_grsecurity 25 Oct 2007 22:12:05 -0000 1.8 @@ -1,73 +1,17 @@ -# -# PaX -# -CONFIG_PAX=y - -# -# PaX Control -# -# CONFIG_PAX_SOFTMODE is not set -# CONFIG_PAX_EI_PAX is not set -CONFIG_PAX_PT_PAX_FLAGS=y -# CONFIG_PAX_NO_ACL_FLAGS is not set -CONFIG_PAX_HAVE_ACL_FLAGS=y -# CONFIG_PAX_HOOK_ACL_FLAGS is not set - -# -# Non-executable pages -# -CONFIG_PAX_NOEXEC=y -CONFIG_PAX_PAGEEXEC=y -CONFIG_PAX_SEGMEXEC=y -# CONFIG_PAX_DEFAULT_PAGEEXEC is not set -CONFIG_PAX_DEFAULT_SEGMEXEC=y -# CONFIG_PAX_EMUTRAMP is not set -CONFIG_PAX_MPROTECT=y -# CONFIG_PAX_NOELFRELOCS is not set -CONFIG_PAX_KERNEXEC=y - -# -# Address Space Layout Randomization -# -CONFIG_PAX_ASLR=y -CONFIG_PAX_RANDUSTACK=y -CONFIG_PAX_RANDMMAP=y - -# -# Miscellaneous hardening features -# -# CONFIG_PAX_MEMORY_SANITIZE is not set -# CONFIG_PAX_MEMORY_UDEREF is not set - -# -# Grsecurity -# CONFIG_GRKERNSEC=y # CONFIG_GRKERNSEC_LOW is not set # CONFIG_GRKERNSEC_MEDIUM is not set # CONFIG_GRKERNSEC_HIGH is not set CONFIG_GRKERNSEC_CUSTOM=y - -# -# Address Space Protection -# CONFIG_GRKERNSEC_KMEM=y CONFIG_GRKERNSEC_IO=y CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_MODSTOP=y CONFIG_GRKERNSEC_HIDESYM=y - -# -# Role Based Access Control Options -# CONFIG_GRKERNSEC_ACL_HIDEKERN=y CONFIG_GRKERNSEC_ACL_MAXTRIES=3 CONFIG_GRKERNSEC_ACL_TIMEOUT=30 - -# -# Filesystem Protections -# CONFIG_GRKERNSEC_PROC=y CONFIG_GRKERNSEC_PROC_USER=y CONFIG_GRKERNSEC_PROC_ADD=y @@ -87,10 +31,6 @@ CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y CONFIG_GRKERNSEC_CHROOT_CAPS=y - -# -# Kernel Auditing -# # CONFIG_GRKERNSEC_AUDIT_GROUP is not set CONFIG_GRKERNSEC_EXECLOG=y CONFIG_GRKERNSEC_RESLOG=y @@ -103,29 +43,31 @@ CONFIG_GRKERNSEC_TIME=y CONFIG_GRKERNSEC_PROC_IPADDR=y # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set - -# -# Executable Protections -# CONFIG_GRKERNSEC_EXECVE=y CONFIG_GRKERNSEC_SHM=y CONFIG_GRKERNSEC_DMESG=y # CONFIG_GRKERNSEC_TPE is not set - -# -# Network Protections -# CONFIG_GRKERNSEC_RANDNET=y # CONFIG_GRKERNSEC_SOCKET is not set - -# -# Sysctl support -# CONFIG_GRKERNSEC_SYSCTL=y # CONFIG_GRKERNSEC_SYSCTL_ON is not set - -# -# Logging Options -# CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=10 +CONFIG_PAX=y +# CONFIG_PAX_SOFTMODE is not set +# CONFIG_PAX_EI_PAX is not set +CONFIG_PAX_PT_PAX_FLAGS=y +# CONFIG_PAX_NO_ACL_FLAGS is not set +CONFIG_PAX_HAVE_ACL_FLAGS=y +# CONFIG_PAX_HOOK_ACL_FLAGS is not set +CONFIG_PAX_NOEXEC=y +CONFIG_PAX_PAGEEXEC=y +CONFIG_PAX_SEGMEXEC=y +# CONFIG_PAX_EMUTRAMP is not set +CONFIG_PAX_MPROTECT=y +# CONFIG_PAX_NOELFRELOCS is not set +CONFIG_PAX_ASLR=y +CONFIG_PAX_RANDUSTACK=y +CONFIG_PAX_RANDMMAP=y +# CONFIG_PAX_MEMORY_SANITIZE is not set +# CONFIG_PAX_MEMORY_UDEREF is not set |