Apologies for not having responded to this sooner, but I had been waiting
for a chance to try this out before getting back. Unfortunately, the
ultimate irony has struck - after mentioning to others that I preferred
to stick with gentoo-sources given where I was at, well some
instabilities in other aspects of our simulation system turn out to be
triggered by, you guessed it, gentoo-sources. <sigh> Right now I'm
running with vanilla kernel sources and the simulation seems to be
behaving. I'm guessing some problem lies in the pre-emptive patches, but
that's pure speculation and nothing more.
However, I will certainly go back and check out your SKAS patch under
gentoo-sources at some point and I'll let you know how it goes. Even if
this is useless at work now, it will be helpful for my personal use.
I'll keep you posted, thanks again,
On March 18, 2004 02:05 am, daniel wrote:
> I have a modified skas3 patch for gentoo-sources ~ 2.4.20, and it may
> work with the actual version (2.4.22-r8).
At 08:05, Thursday 18 March 2004, daniel wrote:
> I have a modified skas3 patch for gentoo-sources ~ 2.4.20, and it may
> work with the actual version (2.4.22-r8).
This patch has a problem if you care about GrSecurity actually working (i.e.
not only stable but also secure).
In arch/i386/kernel/sys_i386.c, to solve a conflict, you change the call to
do_mmap() to a call to do_mmap_pgoff(). This way you skip some security
checks added by GrSec (I checked GrSecurity 1.9.9h as shipped in 2.4.21-ck2
but I think this is still true).
Actually, I tried to see how to solve the conflict but it seems absolutely
trivial. If you really care about security, then ask me and I'll think about
The problem is that the security checks need to know, inside do_mmap(), which
process they are acting on (note the usage of current->flags); do_mmap() is
called by do_mmap2() which is called by write_proc_mm(). And with that call
we do not know which process will use that mm_struct.
> This patch is not based on the original host-skas3.patch, but on a
> revised patch
> I've recently (this week) changed to gs-sources, for test because my
> uptime is too short, and I have
> modified the patch from blaisorblade (link after) to work.
This has no problem, since all changes seem trivial.
Paolo Giarrusso, aka Blaisorblade
Linux registered user n. 292729
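
The two problems raised in the reply above, as a simplified user-space C model added here (not code from the patch, the kernel or GrSecurity). Every name is hypothetical: TASK_RESTRICTED stands in for whatever per-process flag the check reads from current->flags, map_checked()/map_pgoff() stand in for do_mmap()/do_mmap_pgoff(), and proc_mm_map() for the write_proc_mm() path.

```c
#include <stdio.h>

/* User-space model only: every name below is hypothetical. */
#define TASK_RESTRICTED 0x1  /* stand-in for a per-process hardening flag */
#define MAP_FORBIDDEN   0x2  /* stand-in for a mapping the policy rejects */
struct mm   { int mappings; };
struct task { unsigned flags; struct mm *mm; };
static struct mm guest_mm, tracer_mm;
static struct task guest  = { TASK_RESTRICTED, &guest_mm };  /* confined   */
static struct task tracer = { 0, &tracer_mm };               /* unconfined */
static struct task *current_task;      /* models the kernel's `current` */

/* Low-level worker: installs the mapping, performs no policy check. */
static int map_pgoff(struct mm *mm, unsigned prot) {
    (void)prot;
    mm->mappings++;
    return 0;
}

/* Wrapper: the policy check reads the CALLER's flags, then maps. */
static int map_checked(struct mm *mm, unsigned prot) {
    if ((current_task->flags & TASK_RESTRICTED) && (prot & MAP_FORBIDDEN))
        return -1;                      /* denied by policy */
    return map_pgoff(mm, prot);
}

/* Syscall entry as intended: goes through the checked wrapper. */
static int sys_map(struct task *caller, unsigned prot) {
    current_task = caller;
    return map_checked(caller->mm, prot);
}

/* Case 1: entry point rewritten to call the worker, so the check is gone. */
static int sys_map_patched(struct task *caller, unsigned prot) {
    current_task = caller;
    return map_pgoff(caller->mm, prot);
}

/* Case 2: /proc/mm-style request; `current` is the writer, not the mm's user. */
static int proc_mm_map(struct task *writer, struct mm *target, unsigned prot) {
    current_task = writer;
    return map_checked(target, prot);   /* consults the writer's flags */
}

int main(void) {
    printf("intended entry: %d\n", sys_map(&guest, MAP_FORBIDDEN));
    printf("patched entry:  %d\n", sys_map_patched(&guest, MAP_FORBIDDEN));
    printf("proc_mm path:   %d\n", proc_mm_map(&tracer, &guest_mm, MAP_FORBIDDEN));
    return 0;
}
```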