[grsec] Kernel version tracking policy?

Rodrigo Rubira Branco (BSDaemon) rodrigo at kernelhacking.com
Fri Jul 20 11:50:31 EDT 2007


The "security problem" is not related to functionality, but to the stability
and new code being inserted...

Since 2.6 has no "development branch" anymore, many people are changing it
every time... the base code is changing so quickly, many important
changes are done in the 'stable' version of the kernel and no one is testing
the security of this code.

You can see many efforts to solve race conditions in drivers, integer
overflows in the memory manager and many others...



cya,


Rodrigo (BSDaemon).


--
http://www.kernelhacking.com/rodrigo

Kernel Hacking: If i really know, i can hack

GPG KeyID: 1FCEDEA1


--------- Original Message --------
From: Social Care <i.do.not.care at web.de>
To: grsecurity at grsecurity.net <grsecurity at grsecurity.net>
Subject: Re: [grsec] Kernel version tracking policy?
Date: 20/07/07 15:26

> On 7/20/07, pageexec at freemail.hu <pageexec at freemail.hu> wrote:
> > On 13 Jul 2007 at 0:43, Mike Perry wrote:
> > > Is there any strategy behind the current efforts to support
> > > particular kernel versions?
> > "it is less work to keep track of development changes"
> > > I would think that most grsecurity users would want both
> > > security and stability on their production systems.
> > we said it before, but here it is again: don't use 2.6 in such
> > cases [...]
> > you already decided to trade security for features/etc and
> > discussion of which 2.6.x to track for stability and security
> > misses the point.
>
> Honestly, I am not a skilled programmer. So I could not offer my
> manpower to port one grsecurity release to older kernel versions.
> But one thing I would like to get cleared now, since these myths
> about 2.6 kernel insecurities exist since ages.
> I personally have the feeling that 2 or maybe 3 very conservative
> security guys started babbling how it is much more secure to stay
> with a 2.4 kernel. And then the lot of wannabe experts started
> to pick up without being able to name any facts.
> At least I never came across a trustworthy whitepaper that listed
> advantages of a 2.4 kernel of version 2.6 regarding security.
> Could somebody please mention specific features in a 2.6 kernel
> that are more insecure compared to a 2.4 kernel?
>
> And about the origin question of Mike Perry I would like to say
> that I fully agree:
> The cleanest grsecurity code is the latest version which depends
> on the relatively new kernel. But for the cleanest kernel code
> people advise you to go with an older but well tested kernel.
> This is a caveat.
> What if the newest grsecurity release would focus on the current
> kernel in the stable release of debian, for example?
> Going by grsecurity and the 2.4 kernel is plain impossible with
> the stable release of debian. Just two of multiple big problems
> is the missing udev and acpi support.
> What is the advice of the experts?
>
> --
> greetings from somebody who cares about facts.