| 1 |
El 22/09/11 22:20, Michael Mol escribió: |
| 2 |
> My question is...what kinds? |
| 3 |
Well mainly the PaX and the grsecurity patches. I also heard there is a |
| 4 |
WIP in bringing RSBAC back again too. |
| 5 |
> For what reason is there a set of "makes |
| 6 |
> it more secure" patches that aren't integrated into the mainline |
| 7 |
> kernel? |
| 8 |
The main reason is political reasons. |
| 9 |
> Are they just not stable in some fashion? |
| 10 |
As with all, newer features in the patchset can cause crashes but |
| 11 |
crashes on the old ones are very rare. |
| 12 |
> Do they exclude some |
| 13 |
> kernel functionality? |
| 14 |
Some bits and usually they restrict it more than excluding it. |
| 15 |
> Do they impact performance? |
| 16 |
That also happens with some of the features but usually performance |
| 17 |
impacts are noted. |
| 18 |
|
| 19 |
If you are interested in knowing more about the patchset you may want to |
| 20 |
look at this document: |
| 21 |
http://klondike.xiscosoft.es/charlas/Hardened/GentooHardenedWhy.odt |
| 22 |
|
| 23 |
El 22/09/11 23:12, Paul Hartman escribió: |
| 24 |
> I think it's essentially gentoo-sources with the grsecurity patchset |
| 25 |
> on top. |
| 26 |
It is gentoo-sources minus the framebuffer patch plus PaX and grsecurity |
| 27 |
patches + some custom security profiles. |
Archives