Re: [vserver] Patch for 2.6.38.4 vserver + GR Security

From: Rik Bobbaers <rik_at_enzoverder.be>
Date: Wed 11 May 2011 - 13:07:53 BST
Message-ID: <46557.193.178.209.212.1305115673.squirrel@www.enzoverder.be>

your patch won't work for a lot of instances...

one of the most important errors you made, is not changing the atomic
values, used by vserver to unchecked atomic values. Bertl uses those
counters so that they can (and are supposed to) overflow. Therefore you
have to change them to "unchecked" atomics.
You will get REFCOUNT overflow bugs in your kernel (and corresponding
panics).

So please... read my "vserver+grsec howto" from a couple of months ago
before taking this project on yourself ;)

read this thread first:
http://archives.linux-vserver.org/201011/0001.html

KR

Rik Bobbaers

-- http://harry.enzoverder.be

> http://sandino.araico.net/parches/vserver/patch-2.6.38.4-vs2.3.0.37-rc15-grsec-2.2.2-201104232142-KB1.diff
>
> --
> Sandino Araico Sánchez
> http://sandino.net
>
>
Received on Wed May 11 13:08:05 2011

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 11 May 2011 - 13:08:05 BST by hypermail 2.1.8