Release Notes: This release includes ports of PaX (non-executable pages and stack/mmap randomization) to alpha, sparc, sparc64, and parisc. Process accounting and log suppression have also been implemented in the ACL system. A fix for the recent ptrace vulnerability has been included in the patch. gradm has been updated for this release.
Release Notes: This release includes over 10,000 lines of changes. These changes include consistent logging of full paths, the addition of a full-featured auditing system, randomized TCP ISNs, a new chroot restriction, a new subject flag for the ACL system, and reduced entropy usage. PaX now has compatibility support for libc5, uClibc, modula-3, and glibc-2.0. In general, all code has been completely rewritten. This release has been verified on i386, ppc, alpha, parisc, and sparc64.
Release Notes: This release adds full-featured auditing to grsecurity. Full paths are logged for every feature, and all in-kernel code has been completely rewritten. PaX has also been updated to resolve compatibility problems with older libcs. gradm has been updated to 1.7-rc1 for this release.
Release Notes: This release has many changes from 1.9.7, including new chroot restrictions, additional ACL features, and a feature that logs the IP of an attacker with an alert or audit. Changes from -rc2 include the use of sha256 instead of sha1 and flawless support for the SPARC64 architecture, as well as better support for other non-x86 architectures.
Release Notes: A shared memory chroot restriction was added. Two flags which provide automatic local attack response have been added to the ACL system, along with a read-only ptrace flag, and a flag that ensures a process cannot execute any trojaned code. The PaX VM mirroring code has been completely rewritten. /proc restrictions have been redesigned, the IP process correlation code has been improved, and gradm supports more syslog applications.
Release Notes: This version includes a rewrite of ACL system internals. Several new features were added to the ACL system including an override flag, the PaX flags, and a flag that protects the shared memory of the subject. A new feature which prevents modification of the running kernel via /dev/mem and still allows proper execution of XFree86 has been implemented. If an attacker generates any alert or audit, their IP will be logged as well. A full set of secure ACLs for Debian has also been included with the new version of gradm.
Release Notes: A segmentation-based implementation of PaX was included, which provides all the benefits of the page-based implementation and improved performance. Process-based resource restrictions and IP ACLs were added to the ACL system, which is now more stable and faster and contains a feature to stop brute-force exploits and log the IP of the attacker. Kernel stack randomization was added, and gradm, grsecurity's ACL administration utility, was updated to v1.5.
Release Notes: This release includes the new segmentation-based implementation of non-executable pages from the PaX team, which has all of the features of the previous page-based implementation, yet without the performance hit. The learning mode and new ACL features have been refined, and the ACL system has undergone a rewrite of the core code, which resulted in a 10x performance increase and much better stability. Gradm, the userspace ACL administration tool, has also been updated for this release.
Release Notes: This release includes process-based resource restrictions, IP ACLs (which support all socket types, protocols, IPs with netmasks, and port ranges), an implementation of nergal's segvguard integrated into the ACL system, and an intelligent learning mode that can create least privilege ACLs with no configuration. Gradm, grsecurity's userland ACL administration tool, has also been updated to 1.5-rc1 for this release.
Release Notes: PaX was updated to support 24-bit stack randomness and randomization of ET_EXEC binaries. The ACL system was updated to support a learning mode, and process-based resource restrictions were added. Gradm, the userspace ACL administration tool, was also updated for this release.