* [gentoo-hardened] Gentoo Grsecurity Poll
From: Ned Ludd @ 2003-08-06 22:48 UTC
To: grsecurity, gentoo-hardened, gentoo-dev
Gentoo Linux includes support for grsecurity in nearly every kernel that
we have. Unfortunately the patch level is not always as up2date as Brad's
code due to the many other patches that are included, however what I'm
wondering here is do the Gentoo users want the option of merging a
vanilla-kernel with just "one" patch applied. It would be called
grsecurity-sources. I would like to use the grsec2 series for this so we
can help Brad debug and get it to a stable level.
Comments, suggestions and feedback are welcome.
PS: grsec is also used on our production servers, sourceforge also uses
grsec in a production environment.
--
Ned Ludd <solar@gentoo.org>
Gentoo Linux Developer (Hardened)
--
gentoo-hardened@gentoo.org mailing list
* [gentoo-hardened] Re: [gentoo-dev] Gentoo Grsecurity Poll
From: Mike Frysinger @ 2003-08-06 22:55 UTC
To: grsecurity, gentoo-hardened, gentoo-dev
On Wednesday 06 August 2003 18:48, Ned Ludd wrote:
> Gentoo Linux includes support for grsecurity in nearly every kernel that
> we have. Unfortunately the patch level is not always as up2date as Brad's
> code due to the many other patches that are included, however what I'm
> wondering here is do the Gentoo users want the option of merging a
> vanilla-kernel with just "one" patch applied. It would be called
> grsecurity-sources. I would like to use the grsec2 series for this so we
> can help Brad debug and get it to a stable level.
>
> Comments, suggestions and feedback are welcome.
>
> PS: grsec is also used on our production servers, sourceforge also uses
> grsec in a production environment.
i would be all for it ...
i don't use any of the kernels in sys-kernels for a variety of reasons ... but
one kernel that i use in many places (routers/servers/etc...) is a hand
rolled vanilla kernel with just the grsec patch ...
in other words, i would utilize this new kern on my boxes :)
it would also be pretty sweet to have up-to-date support for grsec ... brad
has done amazing things with his latest code.
-mike
* Re: [gentoo-hardened] Gentoo Grsecurity Poll
From: Mikhail P. @ 2003-08-06 23:01 UTC
To: solar, grsecurity, gentoo-hardened, gentoo-dev
On Wednesday 06 August 2003 22:48, Ned Ludd wrote:
> Gentoo Linux includes support for grsecurity in nearly every kernel that
> we have. Unfortunately the patch level is not always as up2date as Brad's
> code due to the many other patches that are included, however what I'm
> wondering here is do the Gentoo users want the option of merging a
> vanilla-kernel with just "one" patch applied. It would be called
> grsecurity-sources. I would like to use the grsec2 series for this so we
> can help Brad debug and get it to a stable level.
>
> Comments, suggestions and feedback are welcome.
>
> PS: grsec is also used on our production servers, sourceforge also uses
> grsec in a production environment.
I agree with you on this - adding GRSecurity to vanilla-sources as only one
patch would be great.
I suggest that this should be grsec-1.9.x for now, because there is at least
some docs available, while grsec2 has no docs available (only examples in
/etc/grsec/acl in default installation; correct me if I'm wrong).
I'm using grsec2 since pre versions, and it has been stable in production
environment. In my point, lack of documentation for grsec2 is the only stone
on the road. More docs would help users to migrate from 1.9.x to 2.x.
Mikhail.
--
Why use Windows, since there is a door?
* [gentoo-hardened] Re: [grsec] Gentoo Grsecurity Poll
From: Ned Ludd @ 2003-08-08 22:05 UTC
To: grsecurity, gentoo-hardened, gentoo-dev
Brad,
Thanks for responding; your blessing was the one I wanted to see the most
before jumping into this. We got a fair amount of feedback from various
people using both grsec1 & grsec2 and everybody was for a pure grsec
only kernel.
To meet the needs of everybody my initial plan will be to add both
2.4.21.1.9.11 and 2.4.21.2.0_rc2 unless you have an _rc3 planned for 2.0
in the next few days and then removing 1.9 when you deem 2.0 as stable.
Supported arches will be x86, sparc, sparc64, alpha, parisc, and ppc.
On Fri, 2003-08-08 at 13:21, spender@grsecurity.net wrote:
> On Wed, Aug 06, 2003 at 06:48:36PM -0400, Ned Ludd wrote:
> >
> > Gentoo Linux includes support for grsecurity in nearly every kernel that
> > we have. Unfortunately the patch level is not always as up2date as Brad's
> > code due to the many other patches that are included, however what I'm
> > wondering here is do the Gentoo users want the option of merging a
> > vanilla-kernel with just "one" patch applied. It would be called
> > grsecurity-sources. I would like to use the grsec2 series for this so we
> > can help Brad debug and get it to a stable level.
>
> I would definitely like this. I could give them official stampings
> then. This weekend I might throw some packages of current cvs of grsec
> and gradm up on the website. I'd like to get a group of people together
> so that for every release I can offer some packages in different formats
> of grsecurity and gradm. I'd also like to have a package that would
> work on most ide-based servers that wouldn't have module support and
> thus would have KERNEXEC enabled.
>
> -Brad
--
Ned Ludd <solar@gentoo.org>
Gentoo Linux Developer (Hardened)