issues with hlfs svn-20051102

Tobias Stoeckmann tobias at bugol.de
Sun Nov 6 00:57:20 PST 2005


Hi,

during compilation of HLFS SVN-20051102 I had following issues:

--- procps.xml~ Sun Nov  6 09:35:32 2005
+++ procps.xml  Sun Nov  6 09:35:37 2005
@@ -30,7 +30,7 @@

 <para>Apply a patch to ... EDIT ME</para>

-<screen><userinput>patch -Np1 -i ../procps-3.2.5-hardened_cflags-1.patch</userinput></screen>
+<screen><userinput>patch -Np1 -i ../procps-3.2.6-hardened_cflags-1.patch</userinput></screen>

 <para>Compile the package:</para>

(obvious one: patch name should be increased)

--- shadow.xml~ Sun Nov  6 09:34:23 2005
+++ shadow.xml  Sun Nov  6 09:34:15 2005
@@ -82,7 +82,7 @@

 <screen><userinput>sed -e's@#MD5_CRYPT_ENAB.no at MD5_CRYPT_ENAB yes@' \
     -e 's@/var/spool/mail@/var/mail@' \
-    etc/login.defs.linux > etc/login.defs.new
+    etc/login.defs > etc/login.defs.new
 install -m644 etc/login.defs.new /etc/login.defs</userinput></screen>

 <para>Move a misplaced program to its proper location:</para>

(in the latest shadow package there is no login.defs.linux anymore)


I have activated all grsecurity options in kernel, except

* auditing options
* CONFIG_PAX_SOFTMODE
* CONFIG_PAX_EI_PAX
* CONFIG_PAX_EMUTRAMP
* CONFIG_GRKERNSEC_TPE_ALL
* CONFIG_GRKERNSEC_KMEM
* CONFIG_GRKERNSEC_IO
(i.e. I left out the options that were noted as "should not" in the book)

When I try to execute /bin/ps with this kernel I get:

ps: error while loading shared libraries: cannot make segment writable for relocation: Permission denied

I had to disable MPROTECT with paxctl for /bin/ps:

# paxctl -m /bin/ps


Tobias Stoeckmann



More information about the hlfs-dev mailing list