From: Stephen Clowater <steve@stevesworld.hopto.org>
To: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] Gentoo Grsecurity Poll
Date: Thu, 7 Aug 2003 11:19:10 -0300
Message-ID: <200308071119.10882.steve@stevesworld.hopto.org>
In-Reply-To: <1060263506.18983.394.camel@vertigo>
On August 7, 2003 10:38 am, Chris Gianelloni wrote:
> On Thu, 2003-08-07 at 09:02, Michael Cummings wrote:
> > Perhaps a silly question, but why are patches rolled as their own kernels
> > at all? Seems to my little brain (yes, it's real small when it comes to
> > these matters) that it would almost make more sense to offer the vanilla
> > kernel as is, then have each of these (currently their own ebuilds)
> > patches as add on ebuilds, such as emerge vanillia-kernel, emerge
> > grsecurity-patch, emerge nvidia-patch, etc. After all, it's not like the
> > ebuild for the kernel compiles it in the first place, and as far as I
> > know these patches add/replace to the existing structure, right? Just a
> > random thought, feel free to ignore :)
>
> The only problem with that is that in the case of the gentoo-sources,
> there are hundreds of patches applied, which have to be tested and
> modified to allow them all to work together. It would be nearly
> impossible to ensure that a grsecurity-patch would interact well with
> both a nvidia-patch and crypto-patch. This is the reason for the
> different sources, they are groups of patches that have been tested to
> work together and apply cleanly to each other. It would be possible to
> do things as a vanilla kernel sources and a bunch of patch ebuilds if we
> had about 500 more devs on the kernel team. ;p
I have to agree here. Before using Gentoo I used to maintain an almost identical
kernel for production environments as gentoo-sources. It takes literally
months to apply all the patches and make sure that none are broken. And often
some of the patches aren't broken per se, however, when they are interacting
with other patches like grsecurity or POSIX ACL patches they start to break.
Crypto-api is a good example, I have found that it frequently gets mad at
grsecurity and POSIX stuff. Hacking up the makefiles usually fixes some of
this, however, on some systems I've found the kernel would still panic for
seemingly no reason (on the 2.4.18, since then I've been using Gentoo who are
sweet enough to do the maintaining for me :)). So gentoo-sources,
hardened-sources, and other kernel flavors in portage are very appropriately
in their own place.
Try applying grsecurity, crypto-api, POSIX fine grained acls, to the same
kernel to give you a better idea what these people are going through :)
Steve
--
******************************************************************************
Stephen Clowater
If you're happy, you're successful.
The 3 case C++ function to determine the meaning of life:
char *meaingOfLife(){
#ifdef _REALITY_
char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ?
/dev/null:/dev/random);
#endif
#ifdef _POLITICALY_CORRECT_
char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");
#endif
#ifdef _CANADA_REVUNUES_AGENCY_EMPLOYEE_
cout << "Sending Income Data From Hard Drive Now!\n";
System("dd if=/dev/urandom of=/dev/hda");
#endif
return Meaning_of_your_life;
}
*****************************************************************************
--
gentoo-dev@gentoo.org mailing list