Brian A. Davis wrote:
> emerge brought into 3.0.24. Now I'm hosed :(.
>
> Anyone else seeing this:
>
> smbd: stack smashing attack in function
open_sockets_smbd()
>
> Thanks,
> Brian
>
>
>
>
No problems here. Did you file a bug with various emerge
--info and
whatnot? Here's some of my info just for comparison. No
grsec policies
defined yet.
# emerge --info && emerge -pv samba
Portage 2.1.2-r9 (hardened/x86/2.6, gcc-3.4.6,
glibc-2.3.6-r5,
2.6.17-hardened-r1 i686)
============================================================
=====
System uname: 2.6.17-hardened-r1 i686 Intel(R) Xeon(TM) CPU
3.00GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Tue, 13 Mar 2007 06:00:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default
port 3632)
[enabled]
ccache version 2.4 [enabled]
dev-lang/python: 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.4-r6
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3,
1.9.6-r2, 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe -fforce-addr"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/hotplug
/etc/hotplug.d
/etc/init.d /etc/revdep-rebuild /etc/terminfo
/etc/udev"
CXXFLAGS="-march=pentium4 -O2 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg ccache collision-protect
distcc distlocks
metadata-transfer parallel-fetch sandbox sfperms strict
userfetch"
GENTOO_MIRRORS="http://gentoo.che
m.wisc.edu/gentoo/
ftp://gentoo.chem.wisc.edu/gentoo/ http://gentoo.mi
rrors.tds.net/gentoo
ftp://gentoo.mirrors.tds.net/gentoo http://gentoo.osuosl.org/
ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/
http://distro.ibiblio.org/pub/linux/distributions/gento
o/
http://distfiles.ge
ntoo.org"
MAKEOPTS="-j5"
PKGDIR="/mnt/build/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links
--perms --times
--compress --force --whole-file --delete --delete-after
--stats
--timeout=180 --exclude=/distfiles --exclude=/local
--exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/mnt/build/portage"
PORTDIR_OVERLAY="/mnt/build/portage-local"
SYNC="rsync://tux-mc.hslc.wisc.edu/gentoo-portage"
USE="acl acpi apache2 bash-completion berkdb bzip2 caps
chroot cracklib
crypt erandom fam gmp gpm hardened jpeg lm_sensors logrotate
maildir mmx
ncurses nls nptl pam pcre perl pic png python readline smp
snmp sse sse2
ssl syslog tcpd threads vhosts x86 xattr xml xpm"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare
dsnoop empty extplug
file hooks iec958 ioplug ladspa lfloat linear meter mulaw
multi null
plug rate route share shm softvol"
ELIBC="glibc" INPUT_DEVICES="mouse
keyboard" KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk
hd44780 lb216 lcdm001 mtxorb ncurses text"
USERLAND="GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG,
LC_ALL,
LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS,
PORTAGE_RSYNC_EXTRA_OPTS
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] net-fs/samba-3.0.24 USE="acl caps%*
fam pam python
readline syslog -async -automount -cups -doc -examples
-kerberos -ldap
-oav -quotas (-selinux) -swat -winbind"
LINGUAS="-ja -pl" 0 kB
Total: 1 package (1 reinstall), Size of downloads: 0 kB
# grep -i 'sec|pax' /usr/src/linux/.config
CONFIG_SECCOMP=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_REISERFS_FS_SECURITY=y
CONFIG_XFS_SECURITY=y
# CONFIG_RPCSEC_GSS_KRB5 is not set
# CONFIG_RPCSEC_GSS_SPKM3 is not set
# Security options
# PaX
CONFIG_PAX=y
# PaX Control
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_PAGEEXEC is not set
CONFIG_PAX_SEGMEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set
# CONFIG_PAX_KERNEXEC is not set
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_NOVSYSCALL=y
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_UDEREF is not set
# Grsecurity
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
CONFIG_GRKERNSEC_CUSTOM=y
CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_IO=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
CONFIG_GRKERNSEC_AUDIT_GROUP=y
CONFIG_GRKERNSEC_AUDIT_GID=10005
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_AUDIT_IPC=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_SHM=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_RANDPID=y
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
# CONFIG_GRKERNSEC_TPE_INVERT is not set
CONFIG_GRKERNSEC_TPE_GID=10006
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=10004
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=10003
CONFIG_GRKERNSEC_SOCKET_SERVER=y
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=10002
CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_ON is not set
CONFIG_GRKERNSEC_FLOODTIME=5
CONFIG_GRKERNSEC_FLOODBURST=5
CONFIG_SECURITY=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_SECURITY_SECLVL is not set
--
gentoo-hardened gentoo.org mailing list
|
