| 1 |
It's not one PaX alternative as its only one of its features but rsbac |
| 2 |
recently implemented native W or X and seems to work fine |
| 3 |
|
| 4 |
|
| 5 |
On 29/04/17 17:56, Daniel Cegiełka wrote: |
| 6 |
> 2017-04-29 14:47 GMT+02:00 Alex Efros <powerman@××××××××.name>: |
| 7 |
|
| 8 |
> It's not about grsecurity, it's about PaX. This was the basic layer |
| 9 |
> of protection. Gentoo Hardened has spent years working to provide PaX |
| 10 |
> support in userland. It was the core of this project. Alpine Linux and |
| 11 |
> others are also based on PaX. After years of building _trust_, it all |
| 12 |
> disappears overnight. You can use Grsecurity, you can use SELinux, you |
| 13 |
> can use RSBAC, but you do not have a good alternative for PaX. And |
| 14 |
> this is an existential problem for all these projects. By the way, I |
| 15 |
> don't know what the Gentoo Hardened or Alpine Linux have done wrong, |
| 16 |
> that now are left out in the cold. |
| 17 |
> |
| 18 |
> Instead of complaining, we have to decide what to do next. In my |
| 19 |
> opinion, it is critical to maintain support for PaX* for future |
| 20 |
> kernels. It will not be easy, so I'm right away saying that Gentoo |
| 21 |
> Hardened, Alpine Linux etc. should join forces in realizing this |
| 22 |
> project. I think there will be more people who will be interested |
| 23 |
> in... |
| 24 |
> |
| 25 |
> * https://www.grsecurity.net/~paxguy1/ |
| 26 |
> |
| 27 |
> Daniel |
| 28 |
> |
Archives