22.07.2010 18:58, Alex Efros пишет:
> So, what's happens with MODSTOP feature, why it was removed?
>From IRC:
tell the guy on the gentoo-hardened list that the option was
removed because it's been duplicated in mainline
Hi!
On Thu, Jul 22, 2010 at 01:42:07PM +0200, "Tóth Attila" wrote:
> However /proc/sys/kernel/modules_disabled is still there. That's why my
> init script hadn't complained.
Hmm. Previously it was /proc/sys/kernel/grsecurity/disable_modules.
That's why my init script had complained. :)
But looks
Interesting: it went unnoticed on my part!
However /proc/sys/kernel/modules_disabled is still there. That's why my
init script hadn't complained.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
2010.Július
Hi!
I've just upgraded to 2.6.32, thanks to hardened team!
At a glance everything is fine, except one thing: I'm unable to find
feature "Runtime module disabling" (CONFIG_GRKERNSEC_MODSTOP).
There new "Harden module auto-loading" (CONFIG_GRKERNSEC_MODHARDEN)
feature, but it looks very different.
