Robert Tomsick

grsecurity for Debian Stable 5.0 (Lenny)

NB: The patch below no longer applies to the current Lenny kernel. I'll fix this at some point when I have more free time.

A while ago I became interested in grsecurity. After the recent rash of kernel bugs, I decided to see if I couldn't use grsecurity to harden my system a bit. Debian had a source package with a version the grsecurity patch made against the stable kernel sources in the stable repo, so I figured I was all set.

Unfortunately, the patch doesn't apply cleanly to the current kernel sources for the stable kernel (2.6.26-19 as of this writing); several hunks are rejected.

The fixes necessary seem to be fairly straightforward. I've updated the patch to apply cleanly against the latest sources for Lenny's stable kernel. I've been running this on my primary machine for a while, but I'm not confident enough in my kernel-hacking to want to submit this as a proposed patch. If you're feeling somewhat adventuresome you're welcome to give it a try.

You can grab the revised patch below. Please let me know how it works for you (or if it fails to work for you.)

Download

For 2.6.26-19

grsecurity-2.1.12-2.6.26.3-200809012141-hackport-to-2.6.26-19.patch

Home
Contact
Projects / Software
Misc.
Design