|
Medusa 1.0 Kernel patch for Linux 2.4.26 (Tue Apr 20 10:28:34 CEST 2004)
|
Vaclav Lorenc has contributed a kernel patch for Linux 2.4.26, which is available for download here. You also need The Constable from CVS tree. Here are instructions how to get it:
cvs -d:pserver:anonymous@medusa.terminus.sk:/services/cvs/medusa login
cvs -d:pserver:anonymous@medusa.terminus.sk:/services/cvs/medusa co constable
Instructions how to compile the Constable:
cd constable/libmcompiler
make
cd ../constable
make
You need to have libefence installed. It can be found on freshmeat.net or here. Or you may edit constable's Makefile and remove -lefence from LDFLAGS.
|
Medusa 1.0 Kernel patch for Linux 2.4.23 (Mon Dec 22 15:45:00 CET 2003)
|
Complete kernel patch for Linux 2.4.23 if available here. You also need The Constable from CVS tree. |
Medusa on CVS (Fri Apr 4 15:57:12 CEST 2003)
|
Here are instructions how to get actual Medusa DS9 from CVS tree.
|
Medusa 1.0.0pre1 (Fri May 31 18:46:12 CEST 2002)
|
At the Download/New/ section you can get the working pre-release of newest Medusa, working on uniprocessor Linux. The new version is a complete rewrite, and contains huge amount of new features. The documentation, NetBSD port and SMP support will come soon. Oh, and the license is changed from GPL to dual GPL/BSD - choose what you like more. Stay tuned.
Here are the small installation instructions: download all 3 files; apply linux-kernelfix-2.4.18.diff.gz and medusads9-1.0.0_linux-2.4.18.diff.gz to clean linux 2.4.18 kernel; configure and compile the kernel and Constable; run it. There are some example configurations in the constable package for you to begin with. Ask questions on the mailing list.
|
OpenWeekend announce (Mon May 6 18:25:12 CEST 2002)
|
Open Weekend will be held on June 1., 2. at Prague, Czech Republic, with Amon Ott / RSBAC, Philippe Biondi / LIDS, and us, discussing our respective security systems.
|
Version 0.9.2 released (Tue Apr 16 13:12:04 CEST 2002)
|
contains patch for 2.4.18 kernel (which probably works on 2.4.19pre* too)
kernel patch splitted to (1) general kernel fixes, (2) medusa DS9
modified support for Linux capabilities to make them actually WORK
enable kernel to send signals regardless of security model (fixes ^C in some occasions)
disallowed sending SIGSTOP and SIGTSTP to constable (suggested by Libor Kratochvil)
fix of filesystem code for 2.4, to correct walking through mount-points
minor code cleanup
discontinued support for 2.2.x kernels. If you are willing to maintain the patch for 2.2, you're welcome
|
Patch for 2.4.16 is out, CVS started (Thu Nov 29 04:39:40 CET 2001)
|
We upgraded the patch for the newest 2.4 series kernel. Note that the current release of Medusa is still valid, we release the patch separately. Check the download area.
The future sources of Medusa, as well as the new constable and the documentation, are available on CVS from now.
|
Pre-release of the new Constable (Thu Nov 22 19:28:25 CET 2001)
|
The brand-new constable, featuring new configuration file syntax, better expression evaluation, self-configuration from the running kernel, backward compatibility to the current medusa kernel patches, RBAC module and many other improvements, is ready for the first tests at our download area. The documentation is only in slovak language at this time.
we seek for the volunteers to translate our current documentation and drafts from slovak to english and from english to any other languages. Contact us, please.
|
Version 0.9.0 released (Thu Nov 22 17:05:31 CET 2001)
|
changed the behaviour of FORK event, added START event
improved startup behaviour (by setting defaults to all processes on each restart of Constable)
prepared the source code for the new Constable
patches upgraded to linux 2.2.20 and 2.4.14 (warning: due to changes in 2.4.x kernels we no longer support overriding of the ptrace using OK in syscall tracing handler)
fixed vfsmount problem (kernel crashed without constable) and dual exec event problems.
|
Version 0.8.2 released (Tue Sep 18 20:12:52 CEST 2001)
|
fixed the bugs found in previous release
|
We are alive! (Fri Aug 3 18:13:59 CEST 2001)
|
As you may notice from the new release of Medusa, we are really alive. You can read more on the new areas of the project web page, History and concepts, and Progress and plans.
|
Version 0.8.1-alpha released (Fri Aug 3 18:13:59 CEST 2001)
|
improved code that handles privilege elevation during execve()
added several missing permission checks to System V IPC code
fixed some missing dputs() in VFS code
added linux 2.4.x kernels support. This code is not tested and should be considered as ALPHA quality.
|
Version 0.7.12 released (Fri Aug 18 08:49:20 CEST 2000)
|
Fixed compilation problem when syscall tracing is disabled
added filesystem capabilities support in Constable
kernel patches are in more unified format
added new sample configuration file
improved mini libc (Mlibc) Makefile
appropriate documentation changes
|
Version 0.7.11 released (Thu Aug 10 22:26:07 CEST 2000)
|
file hiding is now config option, not a separate patch
cleaned up System V IPC hooks
rewritten Linux capabilities support - read ChangeLog
fixed - MED_YES at 'for exec' does not skip noexec mount flag and 'x' permission checks
removed passing of filename, argc and argv to security daemon before exec
improved i386 entry.S offset generator (the kernel should now compile properly regardless of /usr/include/(linux|asm) symlinks)
init wrapper has been replaced by support in both kernel and constable: constable can be started instead of init; in this case it initializes itself and starts init. Patch in kernel enables you to use this feature without need to pass option "init=..." to the kernel at boot time.
finally we got rid of that nasty autoconf/automake.
|
|