* [gentoo-hardened] Regarding hardened-sources
From: Mansour Moufid @ 2010-03-24 19:47 UTC
To: gentoo-hardened
Hello,
The latest stable release of grsecurity is for 2.6.32 kernels.
Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
now. Is there any particular reason for this?
Stability is important, but it's also fact that many (most?)
vulnerabilities in Linux are fixed silently as non-security updates in
the latest kernels. The grsecurity/PaX team has been tracking and
backporting these sorts of stealth vulnerability fixes. Therefore,
would it not make more sense for Gentoo Hardened to follow their lead?
Especially considering they will be supporting 2.6.32 on a long term
basis[1].
Thanks for your time.
[1] <http://grsecurity.net/news.php#stablechosen>
--
Mansour Moufid
* Re: [gentoo-hardened] Regarding hardened-sources
From: Guillaume Castagnino @ 2010-03-24 19:54 UTC
To: gentoo-hardened; +Cc: Mansour Moufid
On Wednesday 24 March 2010 20:47:08, Mansour Moufid wrote:
> Hello,
>
> The latest stable release of grsecurity is for 2.6.32 kernels.
> Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
> now. Is there any particular reason for this?
>
> Stability is important, but it's also fact that many (most?)
> vulnerabilities in Linux are fixed silently as non-security updates in
> the latest kernels. The grsecurity/PaX team has been tracking and
> backporting these sorts of stealth vulnerability fixes. Therefore,
> would it not make more sense for Gentoo Hardened to follow their lead?
> Especially considering they will be supporting 2.6.32 on a long term
> basis[1].
>
> Thanks for your time.
>
> [1] <http://grsecurity.net/news.php#stablechosen>
Try hardened-development overlay (available via layman)
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary
It provides a recent kernel and some toolchain patches
--
Guillaume Castagnino
casta@xwing.info / guillaume@castagnino.org
* RE: [gentoo-hardened] Regarding hardened-sources
From: Brian Davis @ 2010-03-25 1:16 UTC
To: gentoo-hardened; +Cc: mansourmoufid
I think the question still stands, however, as to why the "main-line" hardened-sources are not being updated.
> From: casta@xwing.info
> To: gentoo-hardened@lists.gentoo.org
> Subject: Re: [gentoo-hardened] Regarding hardened-sources
> Date: Wed, 24 Mar 2010 20:54:29 +0100
> CC: mansourmoufid@gmail.com
>
> On Wednesday 24 March 2010 20:47:08, Mansour Moufid wrote:
> > Hello,
> >
> > The latest stable release of grsecurity is for 2.6.32 kernels.
> > Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
> > now. Is there any particular reason for this?
> >
> > Stability is important, but it's also fact that many (most?)
> > vulnerabilities in Linux are fixed silently as non-security updates in
> > the latest kernels. The grsecurity/PaX team has been tracking and
> > backporting these sorts of stealth vulnerability fixes. Therefore,
> > would it not make more sense for Gentoo Hardened to follow their lead?
> > Especially considering they will be supporting 2.6.32 on a long term
> > basis[1].
> >
> > Thanks for your time.
> >
> > [1] <http://grsecurity.net/news.php#stablechosen>
>
> Try hardened-development overlay (available via layman)
> http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary
>
> It provides a recent kernel and some toolchain patches
>
>
>
> --
> Guillaume Castagnino
> casta@xwing.info / guillaume@castagnino.org
>
* Re: [gentoo-hardened] Regarding hardened-sources
From: Daniel Kuehn @ 2010-03-25 7:44 UTC
To: gentoo-hardened; +Cc: mansourmoufid
On Thu, Mar 25, 2010 at 2:16 AM, Brian Davis <bridavis@live.com> wrote:
> I think the question still stands, however, as to why the "main-line"
> hardened-sources are not being updated.
>
> > From: casta@xwing.info
> > To: gentoo-hardened@lists.gentoo.org
> > Subject: Re: [gentoo-hardened] Regarding hardened-sources
> > Date: Wed, 24 Mar 2010 20:54:29 +0100
> > CC: mansourmoufid@gmail.com
>
> >
> > On Wednesday 24 March 2010 20:47:08, Mansour Moufid wrote:
> > > Hello,
> > >
> > > The latest stable release of grsecurity is for 2.6.32 kernels.
> > > Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
> > > now. Is there any particular reason for this?
> > >
> > > Stability is important, but it's also fact that many (most?)
> > > vulnerabilities in Linux are fixed silently as non-security updates in
> > > the latest kernels. The grsecurity/PaX team has been tracking and
> > > backporting these sorts of stealth vulnerability fixes. Therefore,
> > > would it not make more sense for Gentoo Hardened to follow their lead?
> > > Especially considering they will be supporting 2.6.32 on a long term
> > > basis[1].
> > >
> > > Thanks for your time.
> > >
> > > [1] <http://grsecurity.net/news.php#stablechosen>
> >
> > Try hardened-development overlay (available via layman)
> > http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary
> >
> > It provides a recent kernel and some toolchain patches
> >
> >
> >
> > --
> > Guillaume Castagnino
> > casta@xwing.info / guillaume@castagnino.org
> >
From what I recall from the discussions on IRC, there have been several issues
with .32, and .31 was skipped entirely in favour of .32, but the update to
the main-tree should be coming soon according to Anarchy and gang (it has been a
while since I spoke to Anarchy, though, but they are doing their best).
Kind Regards
/Daniel