On Thu, 17 Oct 2002 17:53, WebMaster wrote: > hello, > > can i safely apply the grsecurity patch?
Yes. It does nothing by default. The patch version in woody has a build bug, so you'll have to hit it with a stick first: -----------------------------8<---------------------------- The problem is in the patch snippet below. It sets the EXTRAVERSION which is now apparently against Debian policy. If you find a kernel patch package that touches EXTRAVERSION then file a bug report asking that it be removed. Also you should probably file a wishlist bug report against kernel-package requesting that it report this BEFORE compilation to save you wasting time waiting for a compile that is eventually aborted. diff -urN linux/Makefile linux/Makefile --- linux/Makefile 2002-08-02 11:20:20.000000000 -0400 +++ linux/Makefile 2002-08-01 19:21:55.000000000 -0400 @@ -1,7 +1,7 @@ VERSION = 2 PATCHLEVEL = 4 SUBLEVEL = 19 -EXTRAVERSION = +EXTRAVERSION = -grsec ------------------------------------8<--------------------------------- (Fix courtesy of Russel Coker; I applied a similar fix directly to the patch itself, by hand). > if this patch make servers more secure just by apply it (without acl), > why isn it applied by default? Many of the features can cause things to break, depending on what you have running on your system - even the non-executable stack code, which is all I'm running at the moment. The help attached to each option is fairly good, so with a little experimentation, you'll be able to find a set of options suitable for your setup. John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]