Release Notes: This is the first public release of grsecurity 2.0-test for Linux 2.6.4. It contains all features of grsecurity 2.0 CVS as of today.
Release Notes: This release includes PaX updates and kernel interpretation of inheritance, resulting in huge memory savings. It has been ported to the 2.4.25 kernel.
Release Notes: With this release, a milestone in the project has been reached. It is now possible to create a policy for the entire system with no configuration. The system performs a complex graph and heuristic analysis to create the policy, and then undergoes an automatic policy audit and correction to ensure the policy is truly least privilege. Learning for an entire role or a single process is supported as well.
Release Notes: Changes in this release include bugfixes and several new object modes that control the creation or modification of files to be setuid or setgid, as well as the creation or deletion of objects. This enables the administrator to create more fine-grained policies. It has been released for the 2.4.21 kernel. gradm has been updated to 2.0-pre5 for this release.
Release Notes: Changes include a complete rewrite of the ACL system, which is now role-based. User, group, and special roles are implemented. IP-based roles, role transition tables, and roles requiring no authentication have been added. In addition, non-root users are allowed to authenticate to special roles.
Release Notes: This release adds full-featured auditing to grsecurity. Full paths are logged for every feature, and all in-kernel code has been completely rewritten. PaX has been updated as well to solve compatibility with older libcs. gradm has been updated to 1.7-rc1 for this release.
Release Notes: A shared memory chroot restriction was added. Two flags which provide automatic local attack response have been added to the ACL system, along with a read-only ptrace flag, and a flag that ensures a process cannot execute any trojaned code. The PaX VM mirroring code has been completely rewritten. /proc restrictions have been redesigned, the IP process correlation code has been improved, and gradm supports more syslog applications.
Release Notes: This version includes a rewrite of ACL system internals. Several new features were added to the ACL system including an override flag, the PaX flags, and a flag that protects the shared memory of the subject. A new feature which prevents modification of the running kernel via /dev/mem and still allows proper execution of XFree86 has been implemented. If an attacker generates any alert or audit, their IP will be logged as well. A full set of secure ACLs for Debian has also been included with the new version of gradm.
Release Notes: This release includes the new segmentation-based implementation of non-executable pages from the PaX team, which has all of the features of the previous page-based implementation, yet without the performance hit. The learning mode and new ACL features have been refined, and the ACL system has undergone a rewrite of the core code, which resulted in a 10x performance increase and much better stability. Gradm, the userspace ACL administration tool, has also been updated for this release.
Release Notes: This release includes process-based resource restrictions, IP ACLs (which support all socket types, protocols, IPs with netmasks, and port ranges), an implementation of nergal's segvguard integrated into the ACL system, and an intelligent learning mode that can create least privilege ACLs with no configuration. Gradm, grsecurity's userland ACL administration tool, has also been updated to 1.5-rc1 for this release.