public inbox for gentoo-hardened@lists.gentoo.org
 help / color / mirror / Atom feed
From: Javier Juan Martinez Cabezon <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] RIP hardened-sources
Date: Sat, 29 Apr 2017 18:52:56 +0200	[thread overview]
Message-ID: <5904C4E8.8020607@gmail.com> (raw)
In-Reply-To: <CAPLrYETZWnKoxpaA41BfXMOePZmX_T9ne0yjMpAFgBY=PH5LtA@mail.gmail.com>

It's not one PaX alternative as its only one of its features but rsbac
recently implemented native W or X and seems to work fine


On 29/04/17 17:56, Daniel Cegiełka wrote:
> 2017-04-29 14:47 GMT+02:00 Alex Efros <powerman@powerman.name>:

> It's not about grsecurity, it's about PaX.  This was the basic layer
> of protection. Gentoo Hardened has spent years working to provide PaX
> support in userland. It was the core of this project. Alpine Linux and
> others are also based on PaX. After years of building _trust_, it all
> disappears overnight. You can use Grsecurity, you can use SELinux, you
> can use RSBAC, but you do not have a good alternative for PaX. And
> this is an existential problem for all these projects. By the way, I
> don't know what the Gentoo Hardened or Alpine Linux have done wrong,
> that now are left out in the cold.
> 
> Instead of complaining, we have to decide what to do next. In my
> opinion, it is critical to maintain support for PaX* for future
> kernels. It will not be easy, so I'm right away saying that Gentoo
> Hardened, Alpine Linux etc. should join forces in realizing this
> project. I think there will be more people who will be interested
> in...
> 
> * https://www.grsecurity.net/~paxguy1/
> 
> Daniel
> 



  reply	other threads:[~2017-04-29 16:52 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-29 11:49 [gentoo-hardened] RIP hardened-sources Luis Ressel
2017-04-29 12:47 ` Alex Efros
2017-04-29 15:56   ` Daniel Cegiełka
2017-04-29 16:52     ` Javier Juan Martinez Cabezon [this message]
2017-04-29 16:58       ` Luis Ressel
2017-04-30  8:15         ` Javier Juan Martinez Cabezon
2017-04-29 17:04     ` Luis Ressel
2017-04-29 18:43       ` Daniel Cegiełka
2017-04-29 20:34         ` "Tóth Attila"
2017-04-29 22:04           ` Brant Williams
2017-04-30 13:00           ` Andrew Savchenko
2017-04-30 13:16             ` Alex Efros
2017-04-30 14:34               ` Andrew Savchenko
2017-04-30 14:56                 ` "Tóth Attila"
2017-04-30 13:07   ` Andrew Savchenko
2017-04-29 13:11 ` Alex Efros
2017-04-29 13:46   ` PaX Team
2017-04-29 16:46     ` Alex Efros
2017-04-30 11:08       ` Alex Efros
2017-04-30 11:50         ` SK
2017-04-30 11:55           ` SK
2017-04-30 12:32             ` Andrew Savchenko
2017-04-30 12:56             ` Alex Efros
2017-04-30 13:28               ` Andrew Savchenko
2017-04-30 13:07           ` Daniel Cegiełka
2017-04-29 15:30   ` Paweł Hajdan, Jr.

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5904C4E8.8020607@gmail.com \
    --to=tazok.id0@gmail.com \
    --cc=gentoo-hardened@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox