RAP function is not visible in kernel config Centos7/Debian 9

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Moderators: spender, PaX Team

RAP function is not visible in kernel config Centos7/Debian 9

Postby bryn1u » Wed Apr 26, 2017 6:24 am

Hello guys,

Im wondering why can't i set a RAP functions after kernel patched with grsec.

[root@proton linux]# grep -i gcc_plugins .config
CONFIG_HAVE_GCC_PLUGINS=y
# CONFIG_GCC_PLUGINS is not set
[root@proton linux]#

[root@proton linux]# cat .config | grep -i kernexec
CONFIG_PAX_KERNEXEC=y
[root@proton linux]#


[root@proton linux]# uname -a
Linux proton 4.9.24-grsec #1 SMP Mon Apr 24 21:40:16 CEST 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@proton linux]#


[root@proton linux]# ls grsecurity-3.1-4.9.24-201704220732.patch
grsecurity-3.1-4.9.24-201704220732.patch

[*] Enable various PaX features
| │ PaX Control --->
| │ Non-executable pages --->
| │ Address Space Layout Randomization --->
| │ Miscellaneous hardening features --->
[*] Sanitize all freed memory
[*] Prevent invalid userland pointer dereference
[*] Prevent various kernel object reference counter overflows
-*- Harden memory copies between kernel and userland


Someone can tell me what am i doing wrong ?
bryn1u
 
Posts: 10
Joined: Mon Sep 13, 2010 6:36 am

Re: RAP function is not visible in kernel config Centos7/Debian 9

Postby spender » Wed Apr 26, 2017 7:19 am

# CONFIG_GCC_PLUGINS is not set
^ this is the reason. I'm not sure how you ended up with a config with that disabled, as the default for it is 'y', you must have explicitly disabled it somehow.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA

Re: RAP function is not visible in kernel config Centos7/Debian 9

Postby bryn1u » Wed Apr 26, 2017 8:39 am

spender wrote:# CONFIG_GCC_PLUGINS is not set
^ this is the reason. I'm not sure how you ended up with a config with that disabled, as the default for it is 'y', you must have explicitly disabled it somehow.

-Brad


@Hello Brad,

Thanks for your replay.

I checked on both servers. Just download linux source from kernel.org and patched on Debina 9 then compile etc... and the same way went with Centos 7. I check a little older patch version and got the same effect. Both diffrent systems, both diffrent versions of patch. I think i did it corecltly.
bryn1u
 
Posts: 10
Joined: Mon Sep 13, 2010 6:36 am

Re: RAP function is not visible in kernel config Centos7/Debian 9

Postby spender » Wed Apr 26, 2017 8:54 am

Can you show me what commands you used? Did you copy in some base config? You must have run make oldconfig or make menuconfig or something after that point, which would have chosen the defaults for new options.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA

Re: RAP function is not visible in kernel config Centos7/Debian 9

Postby bryn1u » Thu Apr 27, 2017 10:18 am

spender wrote:Can you show me what commands you used? Did you copy in some base config? You must have run make oldconfig or make menuconfig or something after that point, which would have chosen the defaults for new options.

-Brad


Hello Brad,

I used default config and then make a make menuconfig. There werent mentioned options. I put manually CONFIG_GCC_PLUGINS to the config and then run a make menuconfig and after that those options were available.
I compiled with:
1) make
2) make modules
3) make modules_install
4) make install
5) Grub update etc ... reboot and works well :D

Thanku for your recipe. I couldn't find anywhere soultions.

Regards,
bryn1u
 
Posts: 10
Joined: Mon Sep 13, 2010 6:36 am


Return to grsecurity support

cron