1 |
It's not one PaX alternative as its only one of its features but rsbac |
2 |
recently implemented native W or X and seems to work fine |
3 |
|
4 |
|
5 |
On 29/04/17 17:56, Daniel Cegiełka wrote: |
6 |
> 2017-04-29 14:47 GMT+02:00 Alex Efros <powerman@××××××××.name>: |
7 |
|
8 |
> It's not about grsecurity, it's about PaX. This was the basic layer |
9 |
> of protection. Gentoo Hardened has spent years working to provide PaX |
10 |
> support in userland. It was the core of this project. Alpine Linux and |
11 |
> others are also based on PaX. After years of building _trust_, it all |
12 |
> disappears overnight. You can use Grsecurity, you can use SELinux, you |
13 |
> can use RSBAC, but you do not have a good alternative for PaX. And |
14 |
> this is an existential problem for all these projects. By the way, I |
15 |
> don't know what the Gentoo Hardened or Alpine Linux have done wrong, |
16 |
> that now are left out in the cold. |
17 |
> |
18 |
> Instead of complaining, we have to decide what to do next. In my |
19 |
> opinion, it is critical to maintain support for PaX* for future |
20 |
> kernels. It will not be easy, so I'm right away saying that Gentoo |
21 |
> Hardened, Alpine Linux etc. should join forces in realizing this |
22 |
> project. I think there will be more people who will be interested |
23 |
> in... |
24 |
> |
25 |
> * https://www.grsecurity.net/~paxguy1/ |
26 |
> |
27 |
> Daniel |
28 |
> |