Date: Fri, 4 May 2012 23:07:31 +0400
From: Vasily Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com, Eugene Teo <eugeneteo@...il.com>
Cc: Solar Designer <solar@...nwall.com>,
	Petr Matousek <pmatouse@...hat.com>
Subject: Re: [GSoC] features to port

Eugene,

On Thu, May 03, 2012 at 12:05 +0800, Eugene Teo wrote:
> > > Only 3 or 4 of the enhancements are ready for RHEL6 inclusion - HARDEN_PROC,
> > > HARDEN_RLIMIT_NPROC, HARDEN_SHM, and probably HARDEN_LINK.  If we want
> > > to push anything more, it probably should be discussed in the near time.
> > > I'd want to push at least PAX_USERCOPY feature to the upstream and then
> > > to RHEL6.
> >
> > I'd like to hear from the Red Hat folks on this.  I think at least the
> > BINFMT_ELF_AOUT cleanup may be acceptable for RHEL6 as well and without
> > requiring a discussion on LKML first.
> >
> 
> Vasiliy, Al Viro is usually very very busy. Who else would be good at
> looking at this patch?

I suppose Andi Kleen as an author of the first part patch - a.out
binaries loader.  My patch disables a.out libraries, so he might ACK it
too and then Al Viro will just merge it.

> It has to be committed in the upstream kernel before
> we can accept patches for them. I understand that the policy may be
> different from other competitors, but we believe in making sure that the
> community gets it first before we do. Any experimental changes have to be
> committed upstream first.

No problem.  This one should be a look-ack-commit patch.


> Do you have the source rpm for the most recent kernel? I think we should be
> able to get hold of the srpm for you but not the git tree unfortunately. If
> necessary, feel free to ping Petr, and he should be able to get you some
> information.

I search for the latest SRPMs here:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/

The same URL is noted in RHEL security advisories.  I suppose these are
the latest SRPMs.


> I think that you can start filing bugs in bugzilla.redhat.com,
> and backport the ones that are OK.

OK.  I'll include summary/motivation of a feature, URL of LKML
discussion (if any), git ref, and a backported patch for RHEL6.  I hope
I'll start to do it in two days :-)

Thanks,

-- 
Vasily
