summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2016-10-11 12:59:38 -0400
committerAnthony G. Basile <blueness@gentoo.org>2016-10-11 12:59:38 -0400
commite18599fdb6d5103524c963e63a505efea4a5d693 (patch)
tree04abfadc60d630d1402cd8ed93011071b9b63ea4 /4.7.7/4440_grsec-remove-protected-paths.patch
parentgrsecurity-3.1-4.7.6-201609301918 (diff)
downloadhardened-patchset-e18599fdb6d5103524c963e63a505efea4a5d693.tar.gz
hardened-patchset-e18599fdb6d5103524c963e63a505efea4a5d693.tar.bz2
hardened-patchset-e18599fdb6d5103524c963e63a505efea4a5d693.zip
grsecurity-3.1-4.7.7-20161010190220161010
Diffstat (limited to '4.7.7/4440_grsec-remove-protected-paths.patch')
-rw-r--r--4.7.7/4440_grsec-remove-protected-paths.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/4.7.7/4440_grsec-remove-protected-paths.patch b/4.7.7/4440_grsec-remove-protected-paths.patch
new file mode 100644
index 0000000..741546d
--- /dev/null
+++ b/4.7.7/4440_grsec-remove-protected-paths.patch
@@ -0,0 +1,20 @@
+From: Anthony G. Basile <blueness@gentoo.org>
+
+We don't want GRSEC's Makefile to change permissions on paths in
+the filesystem.
+
+diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
+--- a/grsecurity/Makefile 2011-10-19 20:42:50.000000000 -0400
++++ b/grsecurity/Makefile 2011-10-19 20:45:08.000000000 -0400
+@@ -44,11 +44,4 @@
+ ifdef CONFIG_GRKERNSEC_HIDESYM
+ extra-y := grsec_hidesym.o
+ $(obj)/grsec_hidesym.o:
+- @-chmod -f 500 /boot
+- @-chmod -f 500 /lib/modules
+- @-chmod -f 500 /lib64/modules
+- @-chmod -f 500 /lib32/modules
+- @-chmod -f 700 .
+- @-chmod -f 700 $(objtree)
+- @echo ' grsec: protected kernel image paths'
+ endif