grsecurity: All releases tagged Major feature enhancements

Release Notes: Changes in this version include PaX updates, a new configuration file for full learning, updated learning heuristics, id transitions in learning, grlearn performance enhancements, significant RBAC performance enhancements, a new inheritance-based learning mode, a feature from Openwall that destroys unused shared memory, an option for sysctl that enables all grsecurity options at boot time, policy statistics in gradm, and a hardlink object mode in the RBAC system. This version has been released for the 2.4.28 and 2.6.10 kernels.

Release Notes: Domain support was added. Regex matching was enhanced. Automatic exploit bruteforce deterrence was added. Directories are included in RBAC configuration. RBAC-contextual logging was added. Memory usage was reduced. PaX was updated. Bugfixes were made. An important security issue that allowed protected processes in the RBAC system to be killed has been resolved. gradm has been updated to 2.0.1 for this release.

Release Notes: This release features role-based access control allowing user, group, and special roles, role transition tables, IP-based roles, non-root access to special roles, and special roles that require no authentication. It supports finer-grained object permissions as well as kernel interpretation of inheritance and globbed objects. Full pathnames for the offending process and parent process are included in all logs. It is able to produce least privilege policies for the entire system with no configuration.

Release Notes: With this release, a milestone in the project has been reached. It is now possible to create a policy for the entire system with no configuration. The system performs a complex graph and heuristic analysis to create the policy, and then undergoes an automatic policy audit and correction to ensure the policy is truly least privilege. Learning for an entire role or a single process is supported as well.

Release Notes: Changes in this release include bugfixes and several new object modes that control the creation or modification of files to be setuid or setgid, as well as the creation or deletion of objects. This enables the administrator to create more fine-grained policies. It has been released for the 2.4.21 kernel. gradm has been updated to 2.0-pre5 for this release.

Release Notes: Changes include a complete rewrite of the ACL system, which is now role-based. User, group, and special roles are implemented. IP-based roles, role transition tables, and roles requiring no authentication have been added. In addition, non-root users are allowed to authenticate to special roles.

Release Notes: This release includes new features from PaX: non-executable and read-only kernel pages for i386, randomization of executable base for Alpha, SPARC, SPARC64, and PA-RISC, and randomization of the stack and mmap bases for PowerPC. gradm has been updated to 1.9.9f.

Release Notes: This release includes ports of PaX (non-executable pages and stack/mmap randomization) to alpha, sparc, sparc64, and parisc. Process accounting and log suppression have also been implemented in the ACL system. A fix for the recent ptrace vulnerability has been included in the patch. gradm has been updated for this release.

Release Notes: This release includes over 10,000 lines of changes. These changes include consistently logging full paths, the addition of a full-featured auditing system, randomized TCP ISNs, a new chroot restriction, a new subject flag for the ACL system, and less entropy usage. PaX now has compatibility support for libc5, uClibc, modula-3, and glibc-2.0. In general, all code has been completely rewritten. This release has been verified on i386, ppc, alpha, parisc, and sparc64.

Release Notes: This release adds full-featured auditing to grsecurity. Full paths are logged for every feature, and all in-kernel code has been completely rewritten. PaX has been updated as well to solve compatibility with older libcs. gradm has been updated to 1.7-rc1 for this release.
