Archives
Archives
| From: | "Daniel Cegiełka" <daniel.cegielka@×××××.com> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Subject: | Re: [gentoo-hardened] Technical repercussions of grsecurity removal | ||
| Date: | Tue, 02 May 2017 08:28:42 | ||
| Message-Id: | CAPLrYEQ-pBizCyD1nK5KyYOcEZu17UDiQVmMUo9yAWdh7_EeHg@mail.gmail.com | ||
| In Reply to: | Re: [gentoo-hardened] Technical repercussions of grsecurity removal by SK |
||
| 1 | https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project |
| 2 | |
| 3 | It closes the topic of our discussion. |
| 4 | |
| 5 | worth reading: |
| 6 | |
| 7 | http://openwall.com/lists/kernel-hardening/2017/05/01/5 |
| 8 | |
| 9 | http://openwall.com/lists/kernel-hardening/2017/05/02/4 |
| 10 | |
| 11 | this means: |
| 12 | |
| 13 | * KSPP means that keeping PaX for >4.9 will be difficult and painful, |
| 14 | as I pointed out previously |
| 15 | * NSA SELinux instead PAX MPROTECT? |
| 16 | |
| 17 | |
| 18 | alternatives: RSBAC |
| 19 | |
| 20 | * slow, but actively developed: |
| 21 | http://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-4.9.y.git;a=summary |
| 22 | |
| 23 | * produkction ready |
| 24 | |
| 25 | * lots of options similar to what is in grsecurity (eg. restricted |
| 26 | chroot in grsec and jail in rsbac): |
| 27 | |
| 28 | http://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-4.9.y.git;a=blob;f=rsbac/Kconfig;h=4a6ae294d41365a5c1757503575074c89ceebb11;hb=HEAD |
| Subject | Author |
|---|---|
| Re: [gentoo-hardened] Technical repercussions of grsecurity removal | Miroslav Rovis <miro.rovis@××××××××××××××.hr> |