1 |
Hi, |
2 |
|
3 |
On Mon, 1 May 2017 12:24:14 +0200 Daniel Cegiełka wrote: |
4 |
[...] |
5 |
> Summing up: |
6 |
> |
7 |
> * PaX is the most important part of Gentoo Hardened project |
8 |
> (Grsecurity, SELinux, RSBAC) |
9 |
> |
10 |
> * We can't use the 'grsecurity' name, which means that fork of |
11 |
> grsecurity == rewriting everything with 'grsecurity' (or 'grsec') |
12 |
> name... (~225k LOC grsec+PaX) |
13 |
> |
14 |
> * PaX (~176k LOC) is available as a separate patch (1), so we can use |
15 |
> it without the risk of 'grsecurity' trademark |
16 |
> |
17 |
> My opinion is: we should continue to use PaX patch and keep the Gentoo |
18 |
> Hardened project alive. |
19 |
> |
20 |
> (1) https://www.grsecurity.net/~paxguy1/ |
21 |
|
22 |
Are you sure PaX patches will be updated? Because PaXTeam claims |
23 |
they will not be published [1]: |
24 |
|
25 |
"As this is a joint decision, there will be no public PaX patches |
26 |
for future kernels. This is effective April 26th 2017." |
27 |
|
28 |
Or do you suggest to support PaX with our own resources? |
29 |
|
30 |
[1] https://grsecurity.net/passing_the_baton_faq.php |
31 |
|
32 |
|
33 |
Best regards, |
34 |
Andrew Savchenko |