
Contents of /hardened/2.6/tags/2.6.22-5/4465_grsec-kconfig-gentoo.patch



Revision 1121 - (show annotations) (download)
Mon Sep 17 19:41:20 2007 UTC (6 years, 10 months ago) by phreak
File size: 2830 byte(s)
Tagging 2.6.22-5.
1 From: Ned Ludd <solar@gentoo.org>
2 Description: Add a Hardened Gentoo target to the list of security levels.
3
4 This makes it much easier for beginners to just select what _we_ consider a sane
5 default.
6
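--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
@@ -182,6 +182,77 @@ config GRKERNSEC_HIGH
 - Kernel symbol hiding
 - Destroy unused shared memory
 - Prevention of memory exhaustion-based exploits
+
+config GRKERNSEC_HARDENED
+ bool "Hardened [Gentoo]"
+ select GRKERNSEC_AUDIT_CHDIR
+ select GRKERNSEC_AUDIT_IPC
+ select GRKERNSEC_AUDIT_MOUNT
+ select GRKERNSEC_BRUTE
+ select GRKERNSEC_CHROOT
+ select GRKERNSEC_CHROOT_CAPS
+ select GRKERNSEC_CHROOT_CHDIR
+ select GRKERNSEC_CHROOT_CHMOD
+ select GRKERNSEC_CHROOT_DOUBLE
+ select GRKERNSEC_CHROOT_EXECLOG
+ select GRKERNSEC_CHROOT_FCHDIR
+ select GRKERNSEC_CHROOT_FINDTASK
+ select GRKERNSEC_CHROOT_MKNOD
+ select GRKERNSEC_CHROOT_MOUNT
+ select GRKERNSEC_CHROOT_NICE
+ select GRKERNSEC_CHROOT_PIVOT
+ select GRKERNSEC_CHROOT_SHMAT
+ select GRKERNSEC_CHROOT_SYSCTL
+ select GRKERNSEC_CHROOT_UNIX
+ select GRKERNSEC_DMESG
+ select GRKERNSEC_EXECLOG
+ select GRKERNSEC_EXECVE
+ select GRKERNSEC_FIFO
+ select GRKERNSEC_FORKFAIL
+ select GRKERNSEC_HIDESYM
+ select GRKERNSEC_KMEM if (!MODULES)
+ select GRKERNSEC_LINK
+ select GRKERNSEC_MODSTOP if (MODULES)
+ select GRKERNSEC_PROC
+ select GRKERNSEC_PROC_ADD
+ select GRKERNSEC_PROC_IPADDR
+ select GRKERNSEC_PROC_MEMMAP if (X86 || X86_64)
+ select GRKERNSEC_PROC_USERGROUP
+ select GRKERNSEC_RANDNET
+ select GRKERNSEC_RESLOG
+ select GRKERNSEC_SHM if (SYSVIPC)
+ select GRKERNSEC_SIGNAL
+ select GRKERNSEC_SYSCTL
+ select GRKERNSEC_TIME
+ select GRKERNSEC_TPE
+ select GRKERNSEC_TPE_ALL
+ select GRKERNSEC_TPE_INVERT
+ select PAX
+ select PAX_ASLR
+ select PAX_DLRESOLVE if (SPARC32 || SPARC64)
+ select PAX_EMUPLT if (ALPHA || PARISC || PPC32 || SPARC32 || SPARC64)
+ select PAX_EMUSIGRT if (PARISC)
+ select PAX_EMUTRAMP if (PARISC)
+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
+ select PAX_HAVE_ACL_FLAGS
+ select PAX_KERNEXEC if (!X86_64 && !HOTPLUG_PCI_COMPAQ_NVRAM && !PCI_BIOS)
+ select PAX_MPROTECT
+ select PAX_NOEXEC
+ select PAX_PAGEEXEC if (X86_64 || !X86)
+ select PAX_PT_PAX_FLAGS
+ select PAX_RANDKSTACK if (X86_TSC && !X86_64)
+ select PAX_RANDMMAP
+ select PAX_RANDUSTACK
+ select PAX_SEGMEXEC if (X86 && !X86_64)
+ help
+ If you say Y here, many of the features of grsecurity and PaX will
+ be enabled, which will protect you against many kinds of attacks
+ against your system. The heightened security comes at a cost
+ of an increased chance of incompatibilities with rare software
+ on your machine. Since this security level enables PaX, you should
+ view <http://pax.grsecurity.net> and read about the PaX
+ project.
+
 config GRKERNSEC_CUSTOM
 bool "Custom"
 help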
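Review bot: The guard on `select PAX_KERNEXEC if (!X86_64 && !HOTPLUG_PCI_COMPAQ_NVRAM && !PCI_BIOS)` has no positive architecture term, so it also evaluates true on the non-x86 targets this entry otherwise caters for (ALPHA, PARISC, SPARC, ...), whereas `PAX_SEGMEXEC` a few lines below is guarded by `X86 && !X86_64`. Because `select` forces a symbol on without evaluating its `depends on`, any dependency PAX_KERNEXEC declares elsewhere in the Kconfig (not visible in this hunk) is bypassed, which can yield a broken build or a kernel whose protections differ from what the chosen level implies. If KERNEXEC is x86-only in this tree, the line should read `select PAX_KERNEXEC if (X86 && !X86_64 && !HOTPLUG_PCI_COMPAQ_NVRAM && !PCI_BIOS)`. The help text would also benefit from one sentence noting that the level selects `GRKERNSEC_SYSCTL`, so the selected features remain switchable at runtime until the sysctl interface is locked (`grsec_lock`).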
