Gentoo Archives: gentoo-hardened

From: "Daniel Cegiełka" <daniel.cegielka@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] RIP hardened-sources
Date: Sat, 29 Apr 2017 15:56:34
In Reply to: Re: [gentoo-hardened] RIP hardened-sources by Alex Efros
1 2017-04-29 14:47 GMT+02:00 Alex Efros <powerman@××××××××.name>:
2 > Hi!
3 >
4 > On Sat, Apr 29, 2017 at 01:49:20PM +0200, Luis Ressel wrote:
5 >> I suppose we all just grudgingly switch over to gentoo-sources?
6 >
7 > I wonder for how long time current kernel with grsec will be more safe and
8 > protected against new exploits than up-to-date gentoo-sources…
9 > Something new in security: avoid updates to have better protection.
11 It's not about grsecurity, it's about PaX. This was the basic layer
12 of protection. Gentoo Hardened has spent years working to provide PaX
13 support in userland. It was the core of this project. Alpine Linux and
14 others are also based on PaX. After years of building _trust_, it all
15 disappears overnight. You can use Grsecurity, you can use SELinux, you
16 can use RSBAC, but you do not have a good alternative for PaX. And
17 this is an existential problem for all these projects. By the way, I
18 don't know what the Gentoo Hardened or Alpine Linux have done wrong,
19 that now are left out in the cold.
21 Instead of complaining, we have to decide what to do next. In my
22 opinion, it is critical to maintain support for PaX* for future
23 kernels. It will not be easy, so I'm right away saying that Gentoo
24 Hardened, Alpine Linux etc. should join forces in realizing this
25 project. I think there will be more people who will be interested
26 in...
28 *
30 Daniel


Subject Author
Re: [gentoo-hardened] RIP hardened-sources Javier Juan Martinez Cabezon <tazok.id0@×××××.com>
Re: [gentoo-hardened] RIP hardened-sources Luis Ressel <aranea@×××××.de>