From: Javier Juan Martinez Cabezon <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] RIP hardened-sources
Date: Sat, 29 Apr 2017 18:52:56 +0200 [thread overview]
Message-ID: <5904C4E8.8020607@gmail.com> (raw)
In-Reply-To: <CAPLrYETZWnKoxpaA41BfXMOePZmX_T9ne0yjMpAFgBY=PH5LtA@mail.gmail.com>
It's not one PaX alternative as its only one of its features but rsbac
recently implemented native W or X and seems to work fine
On 29/04/17 17:56, Daniel Cegiełka wrote:
> 2017-04-29 14:47 GMT+02:00 Alex Efros <powerman@powerman.name>:
> It's not about grsecurity, it's about PaX. This was the basic layer
> of protection. Gentoo Hardened has spent years working to provide PaX
> support in userland. It was the core of this project. Alpine Linux and
> others are also based on PaX. After years of building _trust_, it all
> disappears overnight. You can use Grsecurity, you can use SELinux, you
> can use RSBAC, but you do not have a good alternative for PaX. And
> this is an existential problem for all these projects. By the way, I
> don't know what the Gentoo Hardened or Alpine Linux have done wrong,
> that now are left out in the cold.
>
> Instead of complaining, we have to decide what to do next. In my
> opinion, it is critical to maintain support for PaX* for future
> kernels. It will not be easy, so I'm right away saying that Gentoo
> Hardened, Alpine Linux etc. should join forces in realizing this
> project. I think there will be more people who will be interested
> in...
>
> * https://www.grsecurity.net/~paxguy1/
>
> Daniel
>
next prev parent reply other threads:[~2017-04-29 16:52 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-29 11:49 [gentoo-hardened] RIP hardened-sources Luis Ressel
2017-04-29 12:47 ` Alex Efros
2017-04-29 15:56 ` Daniel Cegiełka
2017-04-29 16:52 ` Javier Juan Martinez Cabezon [this message]
2017-04-29 16:58 ` Luis Ressel
2017-04-30 8:15 ` Javier Juan Martinez Cabezon
2017-04-29 17:04 ` Luis Ressel
2017-04-29 18:43 ` Daniel Cegiełka
2017-04-29 20:34 ` "Tóth Attila"
2017-04-29 22:04 ` Brant Williams
2017-04-30 13:00 ` Andrew Savchenko
2017-04-30 13:16 ` Alex Efros
2017-04-30 14:34 ` Andrew Savchenko
2017-04-30 14:56 ` "Tóth Attila"
2017-04-30 13:07 ` Andrew Savchenko
2017-04-29 13:11 ` Alex Efros
2017-04-29 13:46 ` PaX Team
2017-04-29 16:46 ` Alex Efros
2017-04-30 11:08 ` Alex Efros
2017-04-30 11:50 ` SK
2017-04-30 11:55 ` SK
2017-04-30 12:32 ` Andrew Savchenko
2017-04-30 12:56 ` Alex Efros
2017-04-30 13:28 ` Andrew Savchenko
2017-04-30 13:07 ` Daniel Cegiełka
2017-04-29 15:30 ` Paweł Hajdan, Jr.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5904C4E8.8020607@gmail.com \
--to=tazok.id0@gmail.com \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox