[grsec] Upcoming sponsorship opportunity
Brad Spengler
spender at grsecurity.net
Tue Jun 28 20:52:58 EDT 2011
Hi all,
I wanted to let you know about an opportunity within the next month or
two that you may be interested in. Due to some unique real-life
events, in a month or two I'll have at least a month of mostly free
time. I figured it'd be a good idea to put the downtime to good use:
knocking out large items on my TODO list that I don't currently have
time to dedicate to in my free time apart from the normal maintenance,
development, and support of grsecurity.
If I can find some new sponsors at least for the stretch of my time off,
I'll tackle some things like:
Allowing /proc restrictions to be toggled via sysctl at runtime
More documentation
Container support for RBAC/chroot restrictions
- there are some options here (for RBAC): making RBAC policies act as a
global policy that applies to all containers, requiring per-namespace
policies, or having a global RBAC policy that can be overriden
by per-namespace policies (with some subset of privilege checks)
IPv6 support for RBAC socket policies
Runtime policy updates (adding of new roles, subject modification, etc
without having to reload the entire policy)
Additional regex usage in RBAC learning, for tighter policies that
abstract out version numbers for instance
Incorporate some concepts from Machine Learning to replace existing
learning heuristics with (possibly, I'm still researching the best way
to apply this) selection of a predicted access profile; the ultimate
goal here is to eliminate locations where we unnecessarily merge
read/write accesses while at the same time reducing these mixed
accesses down to a single directory
Improving learn_config through an audit of learned policies with more
services on various distros
Improve NFS support in RBAC learning
64bit inode support in the RBAC system
These are just some of the things in my TODO; whatever I work on will be
determined by sponsor requests. Sponsors can also request items not on
my own list.
I'm also auctioning off a low-power (draws only 300 watts) 72-core MIPS
cluster to sponsor the work (with 10-20% going to charity depending on
the sale price). You can find it here:
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=290568230232
Also, just as a reminder, we have a blog at:
http://forums.grsecurity.net/viewforum.php?f=7
where we aim to present/explain new features and discuss other things
security-related. You can subscribe to the RSS feed for new posts here:
http://forums.grsecurity.net/feed.php?mode=news
If you've been using the latest patches you may have seen a new feature
with an interesting component called PAX_STACKLEAK. I'm told there's a
post about it forthcoming.
There are also RSS feeds for the stable patches at:
http://grsecurity.net/stable_rss.php
and test patches at:
http://grsecurity.net/testing_rss.php
and changelogs available:
http://grsecurity.net/changelog-stable.txt
http://grsecurity.net/changelog-test.txt
Please contact me directly if you have any questions or are interested
in this sponsorship opportunity.
Thanks,
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://grsecurity.net/pipermail/grsecurity/attachments/20110628/f8ea76d5/attachment.pgp>
More information about the grsecurity
mailing list