| 1 |
Hi, |
| 2 |
|
| 3 |
On Mon, 1 May 2017 12:24:14 +0200 Daniel Cegiełka wrote: |
| 4 |
[...] |
| 5 |
> Summing up: |
| 6 |
> |
| 7 |
> * PaX is the most important part of Gentoo Hardened project |
| 8 |
> (Grsecurity, SELinux, RSBAC) |
| 9 |
> |
| 10 |
> * We can't use the 'grsecurity' name, which means that fork of |
| 11 |
> grsecurity == rewriting everything with 'grsecurity' (or 'grsec') |
| 12 |
> name... (~225k LOC grsec+PaX) |
| 13 |
> |
| 14 |
> * PaX (~176k LOC) is available as a separate patch (1), so we can use |
| 15 |
> it without the risk of 'grsecurity' trademark |
| 16 |
> |
| 17 |
> My opinion is: we should continue to use PaX patch and keep the Gentoo |
| 18 |
> Hardened project alive. |
| 19 |
> |
| 20 |
> (1) https://www.grsecurity.net/~paxguy1/ |
| 21 |
|
| 22 |
Are you sure PaX patches will be updated? Because PaXTeam claims |
| 23 |
they will not be published [1]: |
| 24 |
|
| 25 |
"As this is a joint decision, there will be no public PaX patches |
| 26 |
for future kernels. This is effective April 26th 2017." |
| 27 |
|
| 28 |
Or do you suggest to support PaX with our own resources? |
| 29 |
|
| 30 |
[1] https://grsecurity.net/passing_the_baton_faq.php |
| 31 |
|
| 32 |
|
| 33 |
Best regards, |
| 34 |
Andrew Savchenko |
Archives