Re: [vserver] Patch for 2.6.38.4 vserver + GR Security

From: Sandino Araico Sánchez <sandino_at_sandino.net>
Date: Thu 12 May 2011 - 09:49:36 BST
Message-ID: <4DCB9F20.1020808@sandino.net>

I found this message in the list archives:

On 08/11/10 07:02, Rik Bobbaers wrote:
> grep for "unchecked" in the kernel/vserver subdirectory (of a vserver+grsec
> patch that I made before)...

I dedicated little time to merging this patch, but it seems that I will need
to pay deeper attention to these atomic definitions you mention to have
the server processes working for more than 5 minutes.

I don't have much time but I need a working 2.6.38 kernel so I will keep
trying to fix it.

On 11/05/11 07:07, Rik Bobbaers wrote:
> your patch won't work for a lot of instances...
>
> one of the most important errors you made is not changing the atomic
> values used by vserver to unchecked atomic values. Bertl uses those
> counters so that they can (and are supposed to) overflow. Therefore you
> have to change them to "unchecked" atomics.
> You will get REFCOUNT overflow bugs in your kernel (and corresponding
> panics).
>
> So please... read my "vserver+grsec howto" from a couple of months ago
> before taking this project on yourself ;)
>
> read this thread first:
> http://archives.linux-vserver.org/201011/0001.html
>
> KR
>
> Rik Bobbaers
>
> -- http://harry.enzoverder.be
>
>> http://sandino.araico.net/parches/vserver/patch-2.6.38.4-vs2.3.0.37-rc15-grsec-2.2.2-201104232142-KB1.diff
>>
>> --
>> Sandino Araico Sánchez
>> http://sandino.net
>>
>>

-- 
Sandino Araico Sánchez
http://sandino.net
Received on Thu May 12 09:49:20 2011
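
The distinction Rik's quoted reply draws, between checked atomics that guard reference counts and "unchecked" atomics for counters that are supposed to overflow, shown as an added example that is not part of the original thread or of either patch. It is a userspace model in C11; the `model_*` names and helper functions are hypothetical and are not the kernel's atomic API.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: hypothetical names, not the kernel's types. */
typedef struct { atomic_int v; } model_atomic_t;           /* checked: guards a reference count */
typedef struct { atomic_int v; } model_atomic_unchecked_t; /* unchecked: a counter allowed to wrap */

/* Checked increment: never steps past INT_MAX. Returning false stands in for
 * the REFCOUNT overflow report mentioned in the thread. */
static bool model_atomic_inc(model_atomic_t *a)
{
    int old = atomic_load(&a->v);
    do {
        if (old == INT_MAX)
            return false;               /* value stays saturated at INT_MAX */
    } while (!atomic_compare_exchange_weak(&a->v, &old, old + 1));
    return true;
}

/* Unchecked increment: C11 atomic arithmetic on signed types wraps silently. */
static void model_atomic_inc_unchecked(model_atomic_unchecked_t *a)
{
    atomic_fetch_add(&a->v, 1);
}

/* Count how many of `events` increments a checked counter rejects. */
static int rejected_when_checked(int start, int events)
{
    model_atomic_t a;
    int rejected = 0;
    atomic_init(&a.v, start);
    for (int i = 0; i < events; i++)
        if (!model_atomic_inc(&a))
            rejected++;
    return rejected;
}

/* Final value of an unchecked counter after the same `events` increments. */
static int value_when_unchecked(int start, int events)
{
    model_atomic_unchecked_t a;
    atomic_init(&a.v, start);
    for (int i = 0; i < events; i++)
        model_atomic_inc_unchecked(&a);
    return atomic_load(&a.v);
}

int main(void)
{
    /* Constructed input: a statistics-style counter two steps below INT_MAX. */
    printf("checked:   %d increments rejected\n", rejected_when_checked(INT_MAX - 2, 5));
    printf("unchecked: wrapped to %d\n", value_when_unchecked(INT_MAX - 2, 5));
    return 0;
}
```

A counter that wraps by design trips the checked path on every increment once it reaches the limit, which is why such counters need the unchecked type while genuine reference counts keep the checked one.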