author | Anthony G. Basile <blueness@gentoo.org> | 2012-06-18 08:45:44 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-06-18 08:45:44 -0400 |
commit | 230909a311c93618d18dd8cb92ba15bea420bd07 (patch) | |
tree | b024633b4faba3df9cb08c058f3f2d9b83608af2 /3.4.3/4460-grsec-kconfig-proc-user.patch | |
parent | Grsec/PaX: 2.9-{2.6.32.59,3.2.20,3.4.2}-201206160836 (diff) | |
Grsec/PaX: 2.9-{2.6.32.59,3.2.20,3.4.3}-20120617183620120617
Diffstat (limited to '3.4.3/4460-grsec-kconfig-proc-user.patch')
-rw-r--r-- | 3.4.3/4460-grsec-kconfig-proc-user.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/3.4.3/4460-grsec-kconfig-proc-user.patch b/3.4.3/4460-grsec-kconfig-proc-user.patch new file mode 100644 index 0000000..b2b3188 --- /dev/null +++ b/3.4.3/4460-grsec-kconfig-proc-user.patch @@ -0,0 +1,26 @@ +From: Anthony G. Basile <blueness@gentoo.org> + +Address the mutually exclusive options GRKERNSEC_PROC_USER and GRKERNSEC_PROC_USERGROUP +in a different way to avoid bug #366019. This patch should eventually go upstream. + +diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig +--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400 ++++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400 +@@ -680,7 +680,7 @@ + + config GRKERNSEC_PROC_USER + bool "Restrict /proc to user only" +- depends on GRKERNSEC_PROC ++ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USERGROUP + help + If you say Y here, non-root users will only be able to view their own + processes, and restricts them from viewing network-related information, +@@ -688,7 +688,7 @@ + + config GRKERNSEC_PROC_USERGROUP + bool "Allow special group" +- depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER ++ depends on GRKERNSEC_PROC + help + If you say Y here, you will be able to select a group that will be + able to view all processes and network-related information. If you've |
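Review bot: In the first hunk (`config GRKERNSEC_PROC_USER`), the added `&& !GRKERNSEC_PROC_USERGROUP` makes the stricter option unavailable whenever the group option is set, but the help text shown in the context lines does not say so. The hunk headers place GRKERNSEC_PROC_USER (line 680) before GRKERNSEC_PROC_USERGROUP (line 688), so in a sequential configuration run someone can answer Y to "Restrict /proc to user only", then answer Y to "Allow special group", and end up with the user-only restriction dropped without any message. Please add a sentence to the help text stating that this option is not available when GRKERNSEC_PROC_USERGROUP is selected, so the resulting /proc visibility is not a surprise.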
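Review bot: In the second hunk (`config GRKERNSEC_PROC_USERGROUP`), removing `!GRKERNSEC_PROC_USER` keeps the exclusion one-sided, only with the direction reversed, and the patch description says "in a different way to avoid bug #366019" without stating what actually fails with the original dependency. Please describe the failure in the patch header so the direction of the dependency can be judged on its merits, and consider whether wrapping the two options in a Kconfig `choice` block would express "mutually exclusive" once instead of relying on a negative dependency on one of the two symbols.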