From: | "Daniel Cegiełka" <daniel.cegielka@×××××.com> | ||
---|---|---|---|
To: | gentoo-hardened@l.g.o | ||
Subject: | Re: [gentoo-hardened] Technical repercussions of grsecurity removal | ||
Date: | Tue, 02 May 2017 08:28:42 | ||
Message-Id: | CAPLrYEQ-pBizCyD1nK5KyYOcEZu17UDiQVmMUo9yAWdh7_EeHg@mail.gmail.com | ||
In Reply to: | Re: [gentoo-hardened] Technical repercussions of grsecurity removal by SK |
1 | https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project |
2 | |
3 | It closes the topic of our discussion. |
4 | |
5 | worth reading: |
6 | |
7 | http://openwall.com/lists/kernel-hardening/2017/05/01/5 |
8 | |
9 | http://openwall.com/lists/kernel-hardening/2017/05/02/4 |
10 | |
11 | this means: |
12 | |
13 | * KSPP means that keeping PaX for >4.9 will be difficult and painful, |
14 | as I pointed out previously |
15 | * NSA SELinux instead PAX MPROTECT? |
16 | |
17 | |
18 | alternatives: RSBAC |
19 | |
20 | * slow, but actively developed: |
21 | http://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-4.9.y.git;a=summary |
22 | |
23 | * produkction ready |
24 | |
25 | * lots of options similar to what is in grsecurity (eg. restricted |
26 | chroot in grsec and jail in rsbac): |
27 | |
28 | http://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-4.9.y.git;a=blob;f=rsbac/Kconfig;h=4a6ae294d41365a5c1757503575074c89ceebb11;hb=HEAD |
Subject | Author |
---|---|
Re: [gentoo-hardened] Technical repercussions of grsecurity removal | Miroslav Rovis <miro.rovis@××××××××××××××.hr> |