Hi,
during compilation of HLFS SVN-20051102 I had following issues:
--- procps.xml~ Sun Nov 6 09:35:32 2005
+++ procps.xml Sun Nov 6 09:35:37 2005
@@ -30,7 +30,7 @@
<para>Apply a patch to ... EDIT ME</para>
-<screen><userinput>patch -Np1 -i
../procps-3.2.5-hardened_cflags-1.patch</userinput></screen>
+<screen><userinput>patch -Np1 -i
../procps-3.2.6-hardened_cflags-1.patch</userinput></screen>
<para>Compile the package:</para>
(obvious one: patch name should be increased)
--- shadow.xml~ Sun Nov 6 09:34:23 2005
+++ shadow.xml Sun Nov 6 09:34:15 2005
@@ -82,7 +82,7 @@
<screen><userinput>sed -e'[EMAIL PROTECTED]@MD5_CRYPT_ENAB yes@' \
-e 's@/var/spool/mail@/var/mail@' \
- etc/login.defs.linux > etc/login.defs.new
+ etc/login.defs > etc/login.defs.new
install -m644 etc/login.defs.new /etc/login.defs</userinput></screen>
<para>Move a misplaced program to its proper location:</para>
(in the latest shadow package there is no login.defs.linux anymore)
I have activated all grsecurity options in kernel, except
* auditing options
* CONFIG_PAX_SOFTMODE
* CONFIG_PAX_EI_PAX
* CONFIG_PAX_EMUTRAMP
* CONFIG_GRKERNSEC_TPE_ALL
* CONFIG_GRKERNSEC_KMEM
* CONFIG_GRKERNSEC_IO
(i.e. I left out the options that were noted as "should not" in the book)
When I try to execute /bin/ps with this kernel I get:
ps: error while loading shared libraries: cannot make segment writable for
relocation: Permission denied
I had to disable MPROTECT with paxctl for /bin/ps:
# paxctl -m /bin/ps
Tobias Stoeckmann
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
