grsecurity forums

[ralphy]

CONFIG_PAX_RANDUSTACK=y

They seemed to have gotten rid of the GKERNSERC thing for PAX features so you have to rechoose them evidently :-\

[ralphy]

Oh, sorry heh I'm not 100% sure why its crashing like it is, might be a bug with the new patch that fixes that 'expand_stack()' bug. I was just saying that's why your old config's PAX options didn't work when compiling 2.4.34. I'm sure PAX Team / Spender will see it soon enough and be able to help you more than I can.

[PaX Team]

I had 2 problems with 2.4.34:
I took my 2.4.33.3 config and tried to use it as a base for 2.4.34 and found that some things in grsecurity I had checked before were unchecked (why?).

spender's decision, better ask him, my guess is that he got tired of renaming the PaX options all the time .

And secondly, once I restarted with grsec'd 2.4.34 it crashed and restarted the comp over and over again at:

Code: Select all

Booting processor 1/0 eip 2000


does it still happen if you disable UDEREF?

[PaX Team]

Could this please be fixed, there is exploit code for grsec out now and I have to update but it doesn't work.

I'm on a dual athalon MP server (2Ghz each) with 1gb or ram. Tyran Mobo.

i've just uploaded a new patch for 2.4, can you give it a try (interdiff applies to grsec, the fix is in arch/i386/kernel/head.S)?

[PaX Team]

Where is the new patch located (front page or in cvs etc),

i always put my stuff in http://www.grsecurity.net/~paxguy1/ first, it's also linked from the PaX homepage.

is it a full patch or do I apply the patch to the grsec patch and then apply that to the kernel?

it's always a full patch, but it's PaX only, spender then incorporates it into grsec. normally my changes between two test versions are small and contained enough that if you take the interdiff between them, it'll cleanly apply to grsec (should you not want to wait for spender). as of now, the latest grsec also has the fix, so you can go ahead and try it directly.

[spender]

http://grsecurity.net/~spender/