On 22/09/11 22:20, Michael Mol wrote:
> My question is...what kinds?
Well mainly the PaX and the grsecurity patches. I also heard there is a
WIP in bringing RSBAC back again too.
> For what reason is there a set of "makes
> it more secure" patches that aren't integrated into the mainline
> kernel?
The main reason is political reasons.
> Are they just not stable in some fashion?
As with all, newer features in the patchset can cause crashes but
crashes on the old ones are very rare.
> Do they exclude some
> kernel functionality?
Some bits and usually they restrict it more than excluding it.
> Do they impact performance?
That also happens with some of the features but usually performance
impacts are noted.

If you are interested in knowing more about the patchset you may want to
look at this document:
http://klondike.xiscosoft.es/charlas/Hardened/GentooHardenedWhy.odt

On 22/09/11 23:12, Paul Hartman wrote:
> I think it's essentially gentoo-sources with the grsecurity patchset
> on top.
It is gentoo-sources minus the framebuffer patch plus PaX and grsecurity
patches + some custom security profiles.