Page 1 of 1

RAP function is not visible in kernel config Centos7/Debian 9

PostPosted: Wed Apr 26, 2017 6:24 am
by bryn1u
Hello guys,

Im wondering why can't i set a RAP functions after kernel patched with grsec.

[root@proton linux]# grep -i gcc_plugins .config
CONFIG_HAVE_GCC_PLUGINS=y
# CONFIG_GCC_PLUGINS is not set
[root@proton linux]#

[root@proton linux]# cat .config | grep -i kernexec
CONFIG_PAX_KERNEXEC=y
[root@proton linux]#


[root@proton linux]# uname -a
Linux proton 4.9.24-grsec #1 SMP Mon Apr 24 21:40:16 CEST 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@proton linux]#


[root@proton linux]# ls grsecurity-3.1-4.9.24-201704220732.patch
grsecurity-3.1-4.9.24-201704220732.patch

[*] Enable various PaX features
| │ PaX Control --->
| │ Non-executable pages --->
| │ Address Space Layout Randomization --->
| │ Miscellaneous hardening features --->
[*] Sanitize all freed memory
[*] Prevent invalid userland pointer dereference
[*] Prevent various kernel object reference counter overflows
-*- Harden memory copies between kernel and userland


Someone can tell me what am i doing wrong ?

Re: RAP function is not visible in kernel config Centos7/Debian 9

PostPosted: Wed Apr 26, 2017 7:19 am
by spender
# CONFIG_GCC_PLUGINS is not set
^ this is the reason. I'm not sure how you ended up with a config with that disabled, as the default for it is 'y', you must have explicitly disabled it somehow.

-Brad

Re: RAP function is not visible in kernel config Centos7/Debian 9

PostPosted: Wed Apr 26, 2017 8:39 am
by bryn1u
spender wrote:# CONFIG_GCC_PLUGINS is not set
^ this is the reason. I'm not sure how you ended up with a config with that disabled, as the default for it is 'y', you must have explicitly disabled it somehow.

-Brad


@Hello Brad,

Thanks for your replay.

I checked on both servers. Just download linux source from kernel.org and patched on Debina 9 then compile etc... and the same way went with Centos 7. I check a little older patch version and got the same effect. Both diffrent systems, both diffrent versions of patch. I think i did it corecltly.

Re: RAP function is not visible in kernel config Centos7/Debian 9

PostPosted: Wed Apr 26, 2017 8:54 am
by spender
Can you show me what commands you used? Did you copy in some base config? You must have run make oldconfig or make menuconfig or something after that point, which would have chosen the defaults for new options.

-Brad

Re: RAP function is not visible in kernel config Centos7/Debian 9

PostPosted: Thu Apr 27, 2017 10:18 am
by bryn1u
spender wrote:Can you show me what commands you used? Did you copy in some base config? You must have run make oldconfig or make menuconfig or something after that point, which would have chosen the defaults for new options.

-Brad


Hello Brad,

I used default config and then make a make menuconfig. There werent mentioned options. I put manually CONFIG_GCC_PLUGINS to the config and then run a make menuconfig and after that those options were available.
I compiled with:
1) make
2) make modules
3) make modules_install
4) make install
5) Grub update etc ... reboot and works well :D

Thanku for your recipe. I couldn't find anywhere soultions.

Regards,