Archives
Archives
| From: | "Daniel Cegiełka" <daniel.cegielka@×××××.com> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Subject: | Re: [gentoo-hardened] Technical repercussions of grsecurity removal | ||
| Date: | Mon, 01 May 2017 10:24:43 | ||
| Message-Id: | CAPLrYEQcuQNrTqBSF8EMMm0U8WqyZjTExAxC6Jsjum5VAAKTrg@mail.gmail.com | ||
| In Reply to: | [gentoo-hardened] Technical repercussions of grsecurity removal by Sven Vermeulen |
||
| 1 | 2017-05-01 11:38 GMT+02:00 Sven Vermeulen <swift@g.o>: |
| 2 | > Hi all, |
| 3 | > |
| 4 | > There is a nice debate ongoing on the mailinglist [1] on the topic of |
| 5 | > grsecurity's recent decision to no longer provide the test patches to the |
| 6 | > public. I'd like to keep the debate on the rationale of it in that |
| 7 | > discussion, but focus here on what we, from Gentoo Hardened, now need to do |
| 8 | > or which direction we're going to move forward with. |
| 9 | > |
| 10 | > [1] |
| 11 | > https://archives.gentoo.org/gentoo-hardened/message/a06145056b167f52c079bffd9c9a51ac |
| 12 | > |
| 13 | > The obvious step is indeed to stop further *current* development on |
| 14 | > hardened-sources. I don't know how many additional patchsets are being |
| 15 | > implemented in it (blueness? Zorry?) so I don't know if it means that |
| 16 | > hardened-sources in total is done with or not. |
| 17 | |
| 18 | Hi, |
| 19 | |
| 20 | I have already written my opinion: |
| 21 | |
| 22 | https://archives.gentoo.org/gentoo-hardened/message/97ccd6d5eb7f94c3cce2ac48ed41a7bb |
| 23 | |
| 24 | https://archives.gentoo.org/gentoo-hardened/message/139ab72c413b2b83e08c948b061882bf |
| 25 | |
| 26 | |
| 27 | Summing up: |
| 28 | |
| 29 | * PaX is the most important part of Gentoo Hardened project |
| 30 | (Grsecurity, SELinux, RSBAC) |
| 31 | |
| 32 | * We can't use the 'grsecurity' name, which means that fork of |
| 33 | grsecurity == rewriting everything with 'grsecurity' (or 'grsec') |
| 34 | name... (~225k LOC grsec+PaX) |
| 35 | |
| 36 | * PaX (~176k LOC) is available as a separate patch (1), so we can use |
| 37 | it without the risk of 'grsecurity' trademark |
| 38 | |
| 39 | My opinion is: we should continue to use PaX patch and keep the Gentoo |
| 40 | Hardened project alive. |
| 41 | |
| 42 | (1) https://www.grsecurity.net/~paxguy1/ |
| 43 | |
| 44 | Daniel |
| Subject | Author |
|---|---|
| Re: [gentoo-hardened] Technical repercussions of grsecurity removal | Andrew Savchenko <bircoph@g.o> |