Projects / grsecurity / Releases

All releases of grsecurity

  •  13 Dec 2007 19:22
Avatar

    Release Notes: Fixes to PaX flag support in RBAC system. PaX updates for non-x86 architectures in 2.4.34 patch. A setpgid in chroot problem has been fixed. The randomized PIDs feature has been removed. This release fixes /proc usage in a chroot in 2.6 patch. It adds an admin role to generated policy from full learning. It resynchronizes the PaX code in the 2.4 patch. It has been updated to Linux 2.4.34 and 2.6.19.2.

    •  14 Aug 2006 03:24
    Avatar

      Release Notes: Changes include RBAC system bugfixes and two new PaX features, one which deters physical memory forensics by an attacker, and another that prevents an entire class of kernel vulnerabilities from being exploited. Updated to the 2.4.33 and 2.6.17.8 Linux kernels.

      •  15 Jan 2006 20:45
      Avatar

        Release Notes: Changes in this release include new PaX flag support in the RBAC system, interface support for RBAC network policies, additional gradm analysis, a sysctl variable for disabling the ability to load or unload kernel modules at runtime, PaX updates, and a fix for a serious RBAC bug where an admin role could be left on a restarted service if the admin exited his shell without unauthenticating from the role first.

        •  13 Nov 2005 22:25
        Avatar

          Release Notes: This release for the 2.4.32-rc3 and 2.6.14.2 Linux kernels overhauls the internals of the RBAC system, converting searching and storing of policy information to chained hash tables. Several important bugs have been fixed, and PaX has been updated for this release.

          •  05 Mar 2005 10:18
          Avatar

            Release Notes: This release removes some unnecessary features, adds hostname support in RBAC policy configuration, improves log consistency, and fixes a critical PaX vulnerability.

            •  25 Jan 2005 00:17
            Avatar

              Release Notes: This release adds gradm bugfixes, more configurable learning heuristics, automatic tty sniffing detection in the RBAC system, and fixes for hidden file support.

              •  07 Jan 2005 22:09
              Avatar

                Release Notes: Changes in this version include PaX updates, a new configuration file for full learning, updated learning heuristics, id transitions in learning, grlearn performance enhancements, significant RBAC performance enhancements, a new inheritance-based learning mode, a destruction of unused shared memory feature from Openwall, an option for sysctl that enables all grsecurity options at boot-time, policy statistics in gradm, and a hardlink object mode in the RBAC system. This version has been released for the 2.4.28 and 2.6.10 kernels.

                •  21 Nov 2004 04:01
                Avatar

                  Release Notes: This release includes PaX updates, chroot restriction fixes, RBAC fixes, a complete logging system rewrite, and dramatic memory and CPU usage improvements for learning analysis and policy auto-generation.

                  •  08 Aug 2004 13:46
                  Avatar

                    Release Notes: Domain support was added. Regex matching was enhanced. Automatic exploit bruteforce deterrence was added. Directories are included in RBAC configuration. RBAC-contextual logging was added. Memory usage was reduced. PaX was updated. Bugfixes were made. An important security issue that allowed protected processes in the RBAC system to be killed has been resolved. gradm has been updated to 2.0.1 for this release.

                    •  18 Apr 2004 05:41
                    Avatar

                      Release Notes: This release features role-based access control allowing user, group, and special roles, role transition tables, IP-based roles, non-root access to special roles, and special roles that require no authentication. It supports finer-grained object permissions as well as kernel interpretation of inheritance and globbed objects. Full pathnames for the offending process and parent process are included in all logs. It is able to produce least privilege policies for the entire system with no configuration.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.