Saint Jude / News: Recent posts

After a bit of a break while changing jobs (and moving to DC)
here is 0.10. 2.4.X (tested up to 2.4.2) works on this version.
(SMP also).

Also, A Perl-Based Parser for all that learing out put is included to facilitate the creation of the Rulebase from all
that learning output! (YEA! No more "By - Hand".) Combined
with the OVERRIDE option in the rulebase, daemon processes
may be included under the protective umbrella (READ: Remote Root Exploits).... read more

More changes, and compile failures on some linux systems.

Changes include:

1. Include file <sys/mman.h> changed to <linux/mman.h>

2. Make file now defines explicitly where the linux include
files are. This fixes a major crapping out when the include
files were expected to be found in /usr/include/linux.

If your linux kernel tree is not under /usr/src/linux, you will
need to modify the Makefile appropriately. ... read more

Here is what is known so far:

It appears that on there are compile problems on Mandrake,
Debian, and (no confirmation) Redhat 7 systems.

There are 2 changes that can be made to get them
to compile. I am still working on the 'why' for one
of them, since it doesn't seam to make mutch sense.
(youll understand in a moment)

1. Edit the StJude_response_default.c file, changing
the #include <sys/mman.h> line to read #include <linux/mman.h>... read more

I have gotten a couple reports of compile warnings
and errors from individuals. It appears there is some
interaction between the versions of glibc and the
kernel. At this time I am trying to determine a matrix
to allow me to determine how best to accomidate the
various versions.

If you experience any compile warnings with the default
compile, please email me the warnings/problems along
with :

-- Version of Kernel you are running.
-- Glibc Version... read more

This release fixes problems in 0.05 that would cause
compiled to fail -- ie, I pulled a DOH!

Changes include inclusion of Redhat 7.0 patch and
alternate response method - redirection of execution.

See Changes file for information.

A Patch for StJude_LKM has been added to the patch
manager. This patch is needed in order to compile StJude
on a Redhat 7.0 system.

The spinlock.h file in redhat 7 refrences some symbols that
are not present on non-smp systems. This seems to be a
issue with spinlock.h file included with redhat 7, and possibly the GCC developmental tree.

The patch is around 800 bytes and defines out the include
line for non-smp systems.... read more

This release of Saint Jude Linux Kernel Module marks the first release of this project on Sourceforge.

This update addresses a honery bug that would arise when a privlaged process called a setuid-non-root program, that
subsiquently would try to run a setuid-root program. The results would not behave as expected, and usualy would result in the setuid-root program as being flagged in violation when infact it was not.... read more