From: "Daniel Cegiełka" <daniel.cegielka@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Technical repercussions of grsecurity removal
Date: Mon, 1 May 2017 12:24:14 +0200 [thread overview]
Message-ID: <CAPLrYEQcuQNrTqBSF8EMMm0U8WqyZjTExAxC6Jsjum5VAAKTrg@mail.gmail.com> (raw)
In-Reply-To: <20170501093843.GA927@gentoo.org>
2017-05-01 11:38 GMT+02:00 Sven Vermeulen <swift@gentoo.org>:
> Hi all,
>
> There is a nice debate ongoing on the mailinglist [1] on the topic of
> grsecurity's recent decision to no longer provide the test patches to the
> public. I'd like to keep the debate on the rationale of it in that
> discussion, but focus here on what we, from Gentoo Hardened, now need to do
> or which direction we're going to move forward with.
>
> [1]
> https://archives.gentoo.org/gentoo-hardened/message/a06145056b167f52c079bffd9c9a51ac
>
> The obvious step is indeed to stop further *current* development on
> hardened-sources. I don't know how many additional patchsets are being
> implemented in it (blueness? Zorry?) so I don't know if it means that
> hardened-sources in total is done with or not.
Hi,
I have already written my opinion:
https://archives.gentoo.org/gentoo-hardened/message/97ccd6d5eb7f94c3cce2ac48ed41a7bb
https://archives.gentoo.org/gentoo-hardened/message/139ab72c413b2b83e08c948b061882bf
Summing up:
* PaX is the most important part of Gentoo Hardened project
(Grsecurity, SELinux, RSBAC)
* We can't use the 'grsecurity' name, which means that fork of
grsecurity == rewriting everything with 'grsecurity' (or 'grsec')
name... (~225k LOC grsec+PaX)
* PaX (~176k LOC) is available as a separate patch (1), so we can use
it without the risk of 'grsecurity' trademark
My opinion is: we should continue to use PaX patch and keep the Gentoo
Hardened project alive.
(1) https://www.grsecurity.net/~paxguy1/
Daniel
next prev parent reply other threads:[~2017-05-01 10:24 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-01 9:38 [gentoo-hardened] Technical repercussions of grsecurity removal Sven Vermeulen
2017-05-01 9:50 ` Sven Vermeulen
2017-05-01 10:24 ` Daniel Cegiełka [this message]
2017-05-01 11:00 ` Andrew Savchenko
2017-05-01 12:25 ` Daniel Cegiełka
2017-05-01 10:28 ` Andrew Savchenko
2017-05-01 13:58 ` Sven Vermeulen
2017-05-01 14:20 ` SK
2017-05-01 14:53 ` Daniel Cegiełka
2017-05-01 15:21 ` SK
2017-05-02 8:28 ` Daniel Cegiełka
2017-05-08 18:08 ` Miroslav Rovis
2017-05-08 18:57 ` Luis Ressel
2017-05-08 20:07 ` Mathias Krause
2017-05-08 20:49 ` Miroslav Rovis
2017-05-08 23:31 ` Miroslav Rovis
2017-05-09 14:28 ` [gentoo-hardened] Unofficial grsec kernel install WAS: " Miroslav Rovis
2017-05-08 21:12 ` [gentoo-hardened] " Andrew Savchenko
2017-05-12 19:10 ` "Tóth Attila"
2017-05-12 23:38 ` Alex Efros
2017-05-13 0:17 ` Max R.D. Parmer
2017-05-02 15:28 ` Luis Ressel
2017-05-02 15:56 ` Daniel Cegiełka
2017-05-02 16:02 ` Luis Ressel
2017-05-02 16:59 ` Daniel Cegiełka
2017-05-02 17:23 ` "Tóth Attila"
2017-05-02 19:58 ` Daniel Cegiełka
2017-05-02 20:41 ` Alex Efros
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPLrYEQcuQNrTqBSF8EMMm0U8WqyZjTExAxC6Jsjum5VAAKTrg@mail.gmail.com \
--to=daniel.cegielka@gmail.com \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox