From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5182B1382C5 for ; Mon, 16 Apr 2018 02:25:22 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9ED44E086C; Mon, 16 Apr 2018 02:25:15 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4A119E07B3 for ; Mon, 16 Apr 2018 02:25:13 +0000 (UTC) Received: from dt001651.civica.com.au (watch.civica.com.au [203.56.2.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: wraeth) by smtp.gentoo.org (Postfix) with ESMTPSA id E9172335C2E for ; Mon, 16 Apr 2018 02:25:11 +0000 (UTC) Date: Mon, 16 Apr 2018 12:25:01 +1000 From: Sam Jorna To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Regarding the State of PaX in the tree Message-ID: <20180416022500.GA32167@dt001651.civica.com.au> Mail-Followup-To: gentoo-dev@lists.gentoo.org References: <8afcc662-4ca4-bf0b-d23a-cba93746ed70@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="X1bOJ3K7DJ5YkBrT" Content-Disposition: inline In-Reply-To: <8afcc662-4ca4-bf0b-d23a-cba93746ed70@gentoo.org> User-Agent: Mutt/1.9.4 (2018-02-28) X-Archives-Salt: b1b86e88-b48e-47fe-b40d-76e74a84326b X-Archives-Hash: 5eb9efa7fac4adb7d19643da5eb7d05a --X1bOJ3K7DJ5YkBrT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Apr 15, 2018 at 08:04:43PM -0400, Anthony G. Basile wrote: > The question then is, do we remove all this code? As thing stands, its > just lint that serves no current purpose, so removing it would clean > things up. The disadvantage is it would be a pita to ever restore it if > we ever wanted it back. While upstream doesn't provide their patch for > free, some users/companies can purchase the grsecurity patches and still > use a custom hardened-sources kernel with Gentoo. But since we haven't > been able to test the pax markings/custom patches in about a year, its > hard to say how useful that code might still be. Aside from potential breakage of pax-enabled systems due to lack of (ability to perform) testing, is there any burden to keeping it? Unless there's specific benefit to be had by removing the code, I'd be inclined to keep it in-place to facilitate Gentoo users who do subscribe to GRSecurity and use their patchset, granted with the disclaimer that we can't test. Removing the machinery to support it would just drive users to different platforms. Alternatively, perhaps someone from GRSec could help maintain it, since they would obviously be in a position to actually test. Though, I'm not sure how viable it is to have someone maintaining functionality to support a patchset that the majority of us cannot access... --=20 Sam Jorna (wraeth) GnuPG Key: D6180C26 --X1bOJ3K7DJ5YkBrT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQJGBAEBCAAwFiEEkOOCivPPbnU/QAv/9azmicmnVzwFAlrUCXwSHHdyYWV0aEBn ZW50b28ub3JnAAoJEPWs5onJp1c8+L4P/ixE+q9oqmMRbbzswnitKnVT1roojegy MF9FS0gP1Or8ZoMbL+VUgWq848HOxX4DvsCV55nQVzuQavRoRHYBPq7/ePSsfaAe bgxZdTHMPvoIbsqKjcqF42RsEecKW11MgWK7XurnH43kWeFDJyJ/NC3JcSGyxMQ/ XBio3l1YJZPUQq+LdRvzUwe9LMgvjCb9w0GXBOoIAc/7dZPLl6xR5CmpEIEb8ISb 2BiGm+arIiyT4PKaYYgmMxwJ21zPHjVzPHUTzx35PzYWiMo6CZs6zVS0Uz6pUBwj R66hdulrJtxd0Bv2qf6NmhB5asV9TEs2fbJWiVX4vw2Jg+88leZlVcaCJQrWMfKt mLY/jtOJ58PgfwHxzGSlt2ZOs3XryPuY3KIwCJYlKtV4YD2c6MC1gA4UQIUGvb3H sQkQLCTVdbLqkReSMxOKU9s155dy6EXHNvOfdnBwvsHBH4oZtBXFFi80VgdQ7832 jHXaWBRnIk3C1tHHEvU24ivf8KJveLzmFRTWpOIKHMzI4M2Ld6Eazy/lg9Yjp8YN XWozOJ4QEtvAHafUYPOYvYm9jFpnPkbEoTEhTibzYTjhzLbjycpdpP6ADdQe96vZ gEU0IoBUoIiD12W8BxSdlRCKadppr3vEiEpjFUm5acXq54PXmoK7WnupX0ZOo1l1 zip3cu5Rl2Mr =5l20 -----END PGP SIGNATURE----- --X1bOJ3K7DJ5YkBrT--