[grsec] any info on the new versions of patches?

jnf jnf at nosec.net
Fri Jan 14 09:43:31 EST 2005


I cannot speak on the changes made to grsec, I have no idea at this point-
however I just wanted to point out that things could be faster/slower as a
result of the new kernel, which could be totally unrelated to kernel
patches- as you can see in the firewall. The config itself doesnt really
matter (of course if you change the config and add a bunch of stuff it
will be a bigger image with more functions and such), what matters is the
code behind it- and if a bunch has been added, then that would explain why
its going slower.

On the flipside I know the networking and vmu was worked on a lot between
the 2.4 and 2.6 series, and should be overall faster, but as anyone with
an email address can tell, it comes with its own problems (re: 1001 kernel
vulns released by the isec.pl ppl).

just my 4 peso's.

jnf

--

There are only two choices in life. You either conform the truth to your desire,
or you conform your desire to the truth. Which choice are you making?
On Fri, 14 Jan 2005, Carlos Carvalho wrote:

> Date: Fri, 14 Jan 2005 11:33:51 -0200
> From: Carlos Carvalho <carlos at fisica.ufpr.br>
> To: Brad Spengler <spender at grsecurity.net>
> Cc: grsecurity at grsecurity.net
> Subject: Re: [grsec] any info on the new versions of patches?
>
> Brad Spengler (spender at grsecurity.net) wrote on 12 January 2005 21:12:
>  >On Wed, Jan 12, 2005 at 07:35:30PM -0200, Carlos Carvalho wrote:
>  >> I've seen that there are new versions of the grsec patch and secfixes
>  >> at ~spender. Should they be used? Do they include fixes for the new
>  >> SMP page fault handler?
>  >
>  >Please do test them out.  There is a 2.1.1 patch for 2.4.29-rc2 there
>  >and a patch for 2.6.10.  2.4.29-rc2 has the SMP page fault handler bug
>  >fixed, and I'm working on updating the 2.6.10 secfix patch right now.
>
> I'm running it on our main critical server and everything seems fine.
> I just have a fuzzy feeling of it being slower however this is only a
> subjective impression. The load on the machine now is different from
> what it was before the upgrade and the difference is small and hard to
> measure. I mention this just because it's a test release. Are the
> changes between grsec 2.1 and 2.1.1 that could make it slower? If you
> don't see such a possibility forget this.
>
> On the other hand, we have a firewall that is now running vanilla
> 2.4.29-rc2 and users are complaining that net access is much slower
> than when the fw ran 2.4.25 with the same kernel config. ??!!
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>


More information about the grsecurity mailing list