[grsec] Grsec distro?

John Logsdon j.logsdon at quantex-research.com
Sat Nov 26 10:15:22 EST 2005


Jan and list

Thanks for this link.  Debian/Ubuntu Hardened seem to be rather like
Gentoo which is Debian-based and offers the options for Grsec and SEL when
you build it.  Again there is the problem of what version of grsec.

I followed the vSecurity link and note that that seems to take some of
grsec (I don't know how old) and Openwall and puts this within an LSM
framework.  I thought LSM was rather frowned on in the grsec community -
see Brad's comments on LSM on the web site.  So that's a bit of a puzzle.

One of the issues of course is that RH have clearly decided to bundle SEL
in and this means that any of the downstream distros like CentOS inherit
that problem.  Now I am sure SEL works well - there have been some rather
silly spats on the CentOS list recently - but it does mean that many
userland tools are broken or need to be recompiled against libselinux,
that the attributes have to work (e.g. can't use Reiser) and a rather
cumbersome command system when compared to the simple elegance of grsec.

So I thought that a ready-rolled grsec version either built on RH or
Debian with sensible packages (well a minimalist anyway) would make it
much more attractive and therefore marketable.  

Things change quite quickly and I can also see the benefit of only being
concerned with the kernel and patches...  I was just wondering whether it
was on anyone's road map.

Best wishes

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
j.logsdon at quantex-research.com              a.einstein at relativity.org
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com


On Sat, 26 Nov 2005, Jan Krueger wrote:

> Hi,
> 
> > Has anyone thought of setting up a grsec distro?  
> 
> The folks at [1]Debian Hardened are trying to do just that. I don't know
> what progress they've made so far, though.
> 
> [1] http://www.debian-hardened.org/
> 
> -- 
> # Best regards, Jan 'jast' Krueger <jast at ruby-co de>
> print'text: ';l=gets;I=['%q,0-9a-f,',',','%q,(-/:-@[,'];i="pack"+
> "('H*')";l=eval("l.un#{i}[0].tr #{I}"); $><<"$><<[%q_#{l.gsub /(^
> \W{64}|\W{72})/x,"\\1\n"}_.\ngsub(/\\s/,'').tr(#{I.reverse})]."+i
> 


