[OpenAFS-devel] OpenAFS and grsecurity

Deven Lahoti deywos@mit.edu
Tue, 7 Jun 2016 20:56:37 -0400


I patched OpenAFS to work on Gentoo Hardened 4.4.8-r1; it just required a
few changes in struct initializations to work with struct randomization.
Looking at old messages on the list, the reason these weren't changed
before was for compatibility with old compilers, but there are other struct
initializations in the codebase now that use designated initializers, so
it shouldn't be a problem. Additionally, the config options listed at the
end failed to be detected by configure, but I'm not sure why. I don't
really know how to use autoconf, so I had to hardcode them, which is
acceptable for my use but clearly not in the actual codebase. I'm hoping
someone can help me figure this out so it will build normally.

Here's the patch for the structs:
http://web.mit.edu/deywos/www/structs.patch

Here are the config options:
NEW_EXPORT_OPS
EXPORT_OP_ENCODE_FH_TAKES_INODES
STRUCT_FILE_OPERATIONS_HAS_READ_ITER
STRUCT_KEY_TYPE_HAS_MATCH_PREPARSE
STRUCT_SUPER_OPERATIONS_HAS_ALLOC_INODE
STRUCT_SUPER_OPERATIONS_HAS_EVICT_INODE
STRUCT_KEY_TYPE_HAS_PREPARSE
STRUCT_FILE_OPERATIONS_HAS_ITERATE
DOP_REVALIDATE_TAKES_UNSIGNED
HAVE_LINUX_INODE_OPERATIONS_FOLLOW_LINK_NO_NAMEIDATA
STRUCT_DENTRY_OPERATIONS_HAS_D_AUTOMOUNT
STRUCT_ADDRESS_SPACE_OPERATIONS_HAS_WRITE_BEGIN
IOP_LOOKUP_TAKES_UNSIGNED
IOP_MKDIR_TAKES_UMODE_T
HAVE_LINUX_INODE_OPERATIONS_FOLLOW_LINK_NO_NAMEIDATA
HAVE_LINUX_INODE_OPERATIONS_PUT_LINK_NO_NAMEIDATA
AOP_WRITEPAGE_TAKES_WRITEBACK_CONTROL
DOP_D_DELETE_TAKES_CONST

Thanks,
Deven
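
Why positional struct initializers stop working once member order is randomized, as an added example that is not part of the original message or of structs.patch. The ops table, its member names and the handlers are hypothetical, and the reordered layout is written out by hand to stand in for one a struct-randomizing build could pick.

```c
#include <stdio.h>

/* Constructed example: a hypothetical ops table, not an OpenAFS or kernel struct. */
typedef int (*op_fn)(int);

/* Layout as written in the source header. */
struct ops_declared { op_fn open; op_fn release; op_fn flush; };

/* Same members in a different order: a hand-written stand-in for the
 * layout a struct-randomizing compiler plugin might choose. */
struct ops_shuffled { op_fn flush; op_fn open; op_fn release; };

int my_open(int x)    { return x + 1; }
int my_release(int x) { return x + 2; }
int my_flush(int x)   { return x + 3; }

/* Positional initializers: values bind by position in the layout. */
const struct ops_declared pos_declared = { my_open, my_release, my_flush };
const struct ops_shuffled pos_shuffled = { my_open, my_release, my_flush };

/* Designated initializer: values bind by member name, whatever the layout. */
const struct ops_shuffled des_shuffled = {
    .open = my_open, .release = my_release, .flush = my_flush,
};

/* True when every member points at the handler its name promises. */
#define OPS_OK(t) \
    ((t).open == my_open && (t).release == my_release && (t).flush == my_flush)

int positional_ok_declared(void) { return OPS_OK(pos_declared); }
int positional_ok_shuffled(void) { return OPS_OK(pos_shuffled); }
int designated_ok_shuffled(void) { return OPS_OK(des_shuffled); }

/* What a caller of .open actually reaches through the positional table. */
int positional_open_result(void) { return pos_shuffled.open(0); }

int main(void)
{
    printf("positional, declared layout: %s\n",
           positional_ok_declared() ? "ok" : "MISBOUND");
    printf("positional, shuffled layout: %s\n",
           positional_ok_shuffled() ? "ok" : "MISBOUND");
    printf("designated, shuffled layout: %s\n",
           designated_ok_shuffled() ? "ok" : "MISBOUND");
    printf(".open(0) via positional shuffled table = %d (my_open gives 1)\n",
           positional_open_result());
    return 0;
}
```

Because all three members share one function-pointer type, the misbound table compiles without a type error, which is why the initializers have to name their members.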