[grsec] Grsec distro?

Dan Hollis reg5423374856 at anime.net
Mon Nov 28 19:27:38 EST 2005


On Sat, 26 Nov 2005, John Logsdon wrote:
> that problem.  Now I am sure SEL works well - there have been some rather
> silly spats on the CentOS list recently - but it does mean that many
> userland tools are broken or need to be recompiled against libselinux,
> that the attributes have to work (e.g. can't use Reiser) and a rather
> cumbersome command system when compared to the simple elegance of grsec.

The mechanism of grsecurity+pax is considerably different from that of 
selinux. selinux aims to limit damage from exploits (basically rbac).
grsecurity+pax aims to prevent exploits from happening in the first place
(stack protection, bounds checking, closing kernel attack vectors, etc).

it's really two different things. imo selinux is just grsecurity's rbac, 
totally excluding pax. but selinux is more cumbersome to use (and 
currently, a lot of incompatibility exists).

-Dan

