| 1 |
Le Mercredi 24 Mars 2010 20:47:08, Mansour Moufid a écrit : |
| 2 |
> Hello, |
| 3 |
> |
| 4 |
> The latest stable release of grsecurity is for 2.6.32 kernels. |
| 5 |
> Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while |
| 6 |
> now. Is there any particular reason for this? |
| 7 |
> |
| 8 |
> Stability is important, but it's also fact that many (most?) |
| 9 |
> vulnerabilities in Linux are fixed silently as non-security updates in |
| 10 |
> the latest kernels. The grsecurity/PaX team has been tracking and |
| 11 |
> backporting these sorts of stealth vulnerability fixes. Therefore, |
| 12 |
> would it not make more sense for Gentoo Hardened to follow their lead? |
| 13 |
> Especially considering they will be supporting 2.6.32 on a long term |
| 14 |
> basis[1]. |
| 15 |
> |
| 16 |
> Thanks for your time. |
| 17 |
> |
| 18 |
> [1] <http://grsecurity.net/news.php#stablechosen> |
| 19 |
|
| 20 |
Try hardened-development overlay (available via layman) |
| 21 |
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary |
| 22 |
|
| 23 |
It provides a recent kernel and some toolchain patches |
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
-- |
| 28 |
Guillaume Castagnino |
| 29 |
casta@×××××.info / guillaume@××××××××××.org |
Archives