grsecurity 3.1 for Debian

This could be my last update for Debian wheezy of grsecurity, since jessie is almost ready and I’m planning to upgrade as soon as I can.
Anyway, this 3.1 release updates the longterm stable branch of the Linux kernel to version 3.2.68 with grsecurity 3.1-20150402182.
Its userland tool, gradm, has also been updated to version 3.1-201503211320.
You should update your kernels: there are a lot of security bug fixes, and a new feature (GRKERNSEC_CHROOT_RENAME) has been added to prevent root users from breaking out of a chroot jail “by exploiting a race condition between a rename of a directory within a chroot against an open of a symlink with relative path components. This feature will likewise prevent an accomplice outside a chroot from enabling a user inside the chroot to break out and make use of their credentials on the global filesystem.”
If you want to trust the chroot jail environments you have implemented, you should apply this update as soon as you can.

This entry was posted on Monday, April 6th, 2015 at 4:22 PM and is filed under stuff.
