[grsec] grsec patch for 2.6.15?

John Logsdon j.logsdon at quantex-research.com
Tue Jan 10 13:11:42 EST 2006


A Happy New Year to you all.

I think this thread is going a little off the mark, particularly as Brad
has not contributed.  Supporting a load of kernels may be a nice idea but
from where are the resources to come?  It is a way of guaranteeing forking
in the project.  It is bad enough supporting vanilla 2.4 and 2.6 kernels.

While the Debian-originated [K]ubuntu seems to be the flavour of the month
now, and I admit it went up on my new laptop without problems, tomorrow it
will be something else.  Many other people use distros of a RedHat origin,
such as CentOS.  I can, in principle, run a vanilla kernel on either but I
don't think the distro-specific kernels are interchangeable.

Of course you can always go Gentoo if you want and compile everything
yourself but I think the grsec version they offer is a little old at the
moment.  I may be wrong there.

There may be issues with the 2.6 vanilla kernel - some of which may be
solved by distro-specific versions.  If so, the powers that be *should*
implement the fixes in the vanilla kernel.  I say should because last
year, after pointing out some kernel security flaws privately to the top
people and seeing no action, Brad put the issue on /.<:-)> The flames
could be felt over this side of the pond.  But the issues were I believe
fixed in the end.

Whatever shortcomings there are, grsec/PaX need to continue to support the
vanilla kernel only.  It's the only way to ensure that the project
survives coherently.

Best wishes

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
j.logsdon at quantex-research.com              a.einstein at relativity.org
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com


On Tue, 10 Jan 2006, Roman Vesely wrote:

> Ondrej Zilinec wrote:
> > Hello
> > 
> > This is nice discussion and I want to say that it wouldn't be good idea
> > to put grsec to Ubuntu distro because people should decide if they want
> > it or not and, as you may know, there are couple tenths of settings for
> > grsec and it would be hard to determine which ones user should or
> > shouldn't use.
> > 
> > Sincerely, Ondrej Zilinec
> > 
> 
> 
> I agree with you.
> I've been thinking only support official Ubuntu kernel with patch.
> The same way as grsec now supports vanilla kernel.
> 
> Roman
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
> 


