From: | "Daniel Cegiełka" <daniel.cegielka@×××××.com> |
---|---|
To: | gentoo-hardened@l.g.o |
Subject: | Re: [gentoo-hardened] Technical repercussions of grsecurity removal |
Date: | Mon, 01 May 2017 10:24:43 |
Message-Id: | CAPLrYEQcuQNrTqBSF8EMMm0U8WqyZjTExAxC6Jsjum5VAAKTrg@mail.gmail.com |
In Reply to: | [gentoo-hardened] Technical repercussions of grsecurity removal by Sven Vermeulen |

2017-05-01 11:38 GMT+02:00 Sven Vermeulen <swift@g.o>:
> Hi all,
>
> There is a nice debate ongoing on the mailing list [1] on the topic of
> grsecurity's recent decision to no longer provide the test patches to the
> public. I'd like to keep the debate on the rationale of it in that
> discussion, but focus here on what we, from Gentoo Hardened, now need to do
> or which direction we're going to move forward with.
>
> [1]
> https://archives.gentoo.org/gentoo-hardened/message/a06145056b167f52c079bffd9c9a51ac
>
> The obvious step is indeed to stop further *current* development on
> hardened-sources. I don't know how many additional patchsets are being
> implemented in it (blueness? Zorry?) so I don't know if it means that
> hardened-sources in total is done with or not.

Hi,

I have already written my opinion:

https://archives.gentoo.org/gentoo-hardened/message/97ccd6d5eb7f94c3cce2ac48ed41a7bb

https://archives.gentoo.org/gentoo-hardened/message/139ab72c413b2b83e08c948b061882bf


Summing up:

* PaX is the most important part of the Gentoo Hardened project
(Grsecurity, SELinux, RSBAC)

* We can't use the 'grsecurity' name, which means that a fork of
grsecurity == rewriting everything with the 'grsecurity' (or 'grsec')
name... (~225k LOC grsec+PaX)

* PaX (~176k LOC) is available as a separate patch (1), so we can use
it without the risk of the 'grsecurity' trademark

My opinion is: we should continue to use the PaX patch and keep the Gentoo
Hardened project alive.

(1) https://www.grsecurity.net/~paxguy1/

Daniel

Subject | Author |
---|---|
Re: [gentoo-hardened] Technical repercussions of grsecurity removal | Andrew Savchenko <bircoph@g.o> |