[grsec] grsecurity 2.1.11 released for Linux 2.4.36.2/2.6.24.4

Marcel Meyer meyerm at fs.tum.de
Wed May 7 06:20:44 EDT 2008 

Hi pageexec, hi Brad and everyone else involved,


first of all let me say, how sad this is but that I understand you're 
struggleing. So I don't want to sound selfish and ruthless, but I'm really 
concerned, so I dare to ask nontheless. Please don't take it personally. 
Your work was and is much appreciated!

Am Mittwoch, 7. Mai 2008 schrieb pageexec at freemail.hu:
> so lest things change for the better, future releases may not happen at 
> all or rather irregularly. 
You said neither small-project-help nor donating would help anything. So not 
even getting enough interested companies together to fund your work would 
be a solution. In the long run we may reckon that you will no longer 
pushing PaX forward. And someone else taking over is, as you already said, 
not very likely. Kernel work itself and especially security related stuff 
isn't simply anything you can learn along the way as coding for a desktop 
environment.

But when looking on the administrators: what alternatives do we have when we 
need/want to use Linux on important servers? Looking on the 4 big security 
related Linuxkernel-projects doesn't seem to offer a solution. SELinux 
(which is a pita due to it's complexity and error-proneness while 
configuring) and AppArmor only offer protection for a couple of objects 
(files, sockets, etc.). RSBAC and grSecurity both rely on PaX for memory 
protection etc.

Staying with an old kernel for a long time is of no use. Especially since 
the virtualisation techniques are getting updates each day and on the other 
hand these are getting more and more important again. Is there anything 
comparable (which I disbelieve since after creating an internal 
presentation about the kernel based security enhancements within the last 
years I realised how much came out of your project! Congratulations :-) ) 
which can be used as a drop-in when PaX really stops adapting to new 
kernels? Or what can be the way to go for us paranoid folks which is only 
sleeping well because you abstained from the same? ;-)


Again thank you very, very much for your awesome work!

Marcel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20080507/92f354bc/attachment.pgp

More information about the grsecurity mailing list