| 1 |
Hi, |
| 2 |
|
| 3 |
the last publicly available version of PaX / grsecurity will probably |
| 4 |
never be ported to work with the Meldown / Spectre fixes. |
| 5 |
|
| 6 |
The only option is to use minipli's last release (4.9.74) and port all |
| 7 |
non-spectre related fixes from upstream's 4.9 branch [1] to it. However |
| 8 |
you should only run such a kernel on CPUs not affected by Meltdown / |
| 9 |
Spectre, such as the Raspberry Pi or Intel's Atom (the in-order ones |
| 10 |
codenamed "Bonnell") [2]. |
| 11 |
|
| 12 |
Bear in mind that upstream is porting fixes from PaX to mainline, albeit |
| 13 |
at a slow pace. I've rebased the last pax-only patch on 4.9.74 but |
| 14 |
decided for myself that it's not worth maintaining a 4.9 fork. |
| 15 |
|
| 16 |
Cheers, |
| 17 |
Philipp |
| 18 |
|
| 19 |
[1] |
| 20 |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/?h=linux-4.9.y |
| 21 |
[2] https://en.wikipedia.org/wiki/List_of_Intel_Atom_microprocessors |
| 22 |
|
| 23 |
Am 02.09.2018 22:39 schrieb Ren Nyo: |
| 24 |
> In minipli's github brunch, in issues someone ported changes up to |
| 25 |
> 4.9.105. However without spectre and meltdown fixes. You should write |
| 26 |
> to grsecurity team about personal license. If they will receive many |
| 27 |
> letters, maybe they make such license available. |
| 28 |
> |
| 29 |
> вс, 2 сент. 2018 г., 11:43 Alex Efros <powerman@××××××××.name>: |
| 30 |
> |
| 31 |
>> Hi! |
| 32 |
>> |
| 33 |
>> On Sat, Apr 14, 2018 at 12:33:55AM +0000, Ren Nyo wrote: |
| 34 |
>>> I contacted minipli, and he said that unofficial grsecurity |
| 35 |
>> kernel is |
| 36 |
>>> frozen. So we should not wait for him to port KPTI and Meltdown. |
| 37 |
>> |
| 38 |
>> Looks like there is no progress so far. :( |
| 39 |
>> |
| 40 |
>> Is there any other options how to get kernel newer than 4.9.74 with |
| 41 |
>> GrSecurity/PaX for personal use, or it's now available only for |
| 42 |
>> high |
| 43 |
>> price i.e. enterprise-only? |
| 44 |
>> |
| 45 |
>> -- |
| 46 |
>> WBR, Alex. |
Archives