grsecurity changelog

02/07/02 -- grsecurity-1.9.4
fix fifo restrictions          
change random pid code to use the random id code, then just do a pid =
random_id() % MAXPID;
get rid of the random initialization checks
change random tcp source ports option to use random_id() instead of
get_random_bytes()
make the randomttl code use jiffies instead of random unsigned long.
make randomttl use sysctl default ttl
remove old pid code from exit.c
remove old network randomness code
remove stray whitespace patches   
cut ptrace logging into its own option
cut dmesg restriction into its own option
include the stealth iptables module
*****massively***** (yes, really) updated acl system (requires gradm 1.2)
merge sysctl setup for gracl and grsecurity
remove development lomac code
change code for tpe glibc option to clean environment, and only for
certain envvars
add code to acl system to clean environment for apps with process acls
credit to jMh for helping debug the acl system
fixed bug with acl system causing crashes when not enabled
fixed compiler warning with gracl.c
fixed logging problems with acl system
added additional proc restrictions
only allow fixed mmap restrictions when pax is enabled
fixed mount logging code so it logs unmounts and remounts
fixed mount logging code so it only logs successful *mounts
added fchdir support to chdir auditing
added low/med/high/customized security levels
fix secure fd code...no more crashes
change dropped capabilities for chroot cap code, so it can be enabled 
without breaking almost any app
fixed tpe code to use new mmap checks
added root denied capability logging
update in-kernel acl documentation
added randomized rpc xids option
thanks to cdub for helping debug acl locking
added better locking support
added acl integrity checks
added no permission flag for acls
fixed mmap checks with interpreters
added capability inheritance
made config parsing more dynamic in handling spaces
fixed init mode
changed chcaps behavior
fixed low/medium/high security settings to unset
higher security settings when lower security settings are
selected afterwards (instead of leaving them on)
make create code honor overwrite flag
fixed sys_rename code

01/20/02 -- grsecurity-1.9.3
removed enhanced network randomness option
removed stealth networking options
added audit group
added auditing of ipc, chdir, and unmount/mount
cleaned up random id code...should be faster now
put null checks in socket restrictions
added read-only kernel memory
added mmap restrictions that stop one form of PaX evasion
fixed rpm's incompatibility with the chroot cap restrictions

12/12/01 -- grsecurity-1.9.2

fixed define problem with ptrace group 
acl fixes
removed references to oblivion, it's now the grsecurity acl system,
and requires gradm now, not obvadm, since acls are placed in /etc/grsec
removed unnecessary patches
logging updates
documentation update for ipc permission feature

12/6/01 -- grsecurity-1.9.1

fixed problem with grsec_lock locking all sysctl entries
fixed problem with socket restrictions
split up the chroot options
added additional chroot restriction (more to come)
added altered default ipc object permissions option (thanks to ajax)
 -ajax@firest0rm.org
rewrote random tcp source ports option
small changes to stealth and logging features
added console restrictions

11/25/01 -- grsecurity-1.9

rewrote stealth udp
rewrote stealth icmp (now handles all icmp packets)
rewrote stealth rst  (now only operates on unserved tcp ports)
added logging for unserved udp, tcp
added logging for icmp
note about stealth options:  as of now it allows any packets along the
local looback, since i've found if the server drops these packets, the
system crawls to a halt and won't allow logins (applies to udp and icmp)
added restricted ptrace support (mainly ported from hap-linux)
fixed chroot ptrace restriction
fixed problem with linking restrictions if option was enabled, but sysctl
value was disabled
rewrote sysctl support (used idea from Per Erik Stendahl [PerErik@onedial.se])
now all options are disabled at bootup, until manually enabled.  All 
options are mutable until the grsec_lock sysctl entry is enabled.
changed chroot macros
small logging changes dealing with chroot
put macro in signal logging option

11/19/01 -- grsecurity-1.8.9

fixed kernel panics with chroot protection
rewrote parts of secure fds
rewrote /proc restrictions
created proc_priv_mkdir() function that has mode as an argument
individual files in /proc/net/ are now not restricted, whole
/proc/net dir is restricted
added restriction to /proc/sys and /proc/tty/driver
fixed patch compatability with ext3
added inode/dev to exec logging
removed extra line/removed line patches

11/12/01 -- grsecurity-1.8.8

fixed problem with socket restrictions not closing sockets
added support to /proc restrictions to deny dmesg(8)
added support to /proc restrictions to deny access to module and symbol info
removed some useless openwall code (2.4 now natively supports 
bounds-checking string copying routines, and uses them for syslogging)
added documentation for all options
revised documentation for certain options
macro-ized all default logging strings and arguments
macro-ized chroot checks
(last two changes have cleaned the code up a lot...proper formatting,
spacing, etc will be complete in v1.9)
removed some old code that's not in use
changed chroot options so you don't need one to use another
removed some unnecessary checks in the chroot protection for signals
fixed incorrectness of random pid code
fixed problem with /proc and new features

11/8/01 -- grsecurity-1.8.7

merged oblivion fixes
-fixed XFree86 problems
-needless options removed
updated PaX code

10/30/01 -- grsecurity-1.8.6

fixed some possible issues with random mmap.  put in check for openwall and random mmap, since
they are not compatible with each other.  Unless you have an important reason not to, you should
use PaX...http://pageexec.virtualave.net  The guys who work on it do a great job...send em an email
thanking them.

merged michael's new oblivion acl code
changes:

fixed "double pid" bug with hidden processes
fixed strange panics with symlink
fixed numerous possible bugs with the hooks in the VFS layer


10/25/01 -- grsecurity-1.8.5

merged michael's new oblivion acl code
changes:

Fixed numerous config file parsing problems with large config files

Fixed bug with certain special cases in kill(). All kill() support is
totally implemented.

10/24/01 -- grsecurity-1.8.5

Updated code to 2.4.13

10/23/01 -- grsecurity-1.8.5

moved the grsecurity enabled/disabled stuff out of sysctl.c, so grsecurity
will still compile if sysctl isn't enabled (meaning the kernel sysctl, not
grsecurity sysctl).  Also put a check in the config so sysctl support won't
be an option if the kernel sysctl support isn't enabled.  the variables
are now in kernel/grsecurity.c

10/22/01 -- grsecurity-1.8.5

fixed nasty random mmap bug...my fault

10/21/01 -- grsecurity 1.8.5

created new exec_group_logging sysctl value for the GRKERNSEC_EXECLOG_GROUP
option.  Make sure to enable this sysctl option (by setting to to a value
greater than zero) and also the exec_logging_gid, to the gid you choose.


10/16/01 -- grsecurity 1.8.4

changed random ip id code again...this time it's just a port of openbsd's
random ip id code (involves some complex math and crypto ideas i would
never come up with)..the port to linux was done by antirez..i ported it
to 2.4.  I also cleaned up the code a lot and fixed some parts where it
didn't honor the sysctl value
fixed SMP problems with randomized PIDs for good.
fixed problem with random ttl and certain options enabled as modules.
updated documentation

10/15/01 -- grsecurity 1.8.4

changed random ip id code to not use get_random_bytes...much faster now


10/14/01 -- grsecurity 1.8.3

fixed problem when random ip id wasn't selected
set initial value of ip id to xtime.tv_usec, then randomize first half
added missing ALIGN for PaX
modified PaX code to allow random mmaping even when PaX is not enabled
openwall can now be enabled with random mmaping
fixed fork bomb protection so it uses kernel functions instead of syscalls
changed logging info to start with "grsec"
fixed oblivion to handle the pid=0 case
removed redundant checks in chroot signal patch
made chroot use the set_fs_pwd() function instead of sys_chdir().
new option: exec logging for single group
new option: suid logging for root only
documentation updates
fixed extra whitespace in exec.c

10/12/01  -- created changelog
