Mailing List Archive

Official project position on grsecurity change in release policy?
Howdy,

Perhaps I missed it, but I've been so far unable to find a position/plan
for the future of hardened-sources from the Gentoo Hardened project
members. I've searched the site and mailing list archives. Has any such
statement been made?

I see there are some efforts to create a community maintained version of
the PaX/Grsecurity patchset[1][2], this seems to be a likely forward
course, but is integrating it the plan of the Hardened project or does
that remain to be seen?


[1]: https://github.com/thestinger/linux-hardened
[2]: https://wiki.gentoo.org/wiki/Hardened_Kernel

Thanks for any additional insight you might provide,
Max

--
0x7D964D3361142ACF
Re: Official project position on grsecurity change in release policy?
On 2017-05-11 09:31, Max R.D. Parmer wrote:
> Howdy,
>
> Perhaps I missed it, but I've been so far unable to find a position/plan
> for the future of hardened-sources from the Gentoo Hardened project
> members. I've searched the site and mailing list archives. Has any such
> statement been made?
>
> I see there are some efforts to create a community maintained version of
> the PaX/Grsecurity patchset[1][2], this seems to be a likely forward
> course, but is integrating it the plan of the Hardened project or does
> that remain to be seen?
>
>
> [1]: https://github.com/thestinger/linux-hardened
> [2]: https://wiki.gentoo.org/wiki/Hardened_Kernel
>
> Thanks for any additional insight you might provide,
> Max

There’s been discussion on it, but I don’t know if we have come to a
decision.

https://archives.gentoo.org/gentoo-hardened/threads/2017-05/
Re: Official project position on grsecurity change in release policy?
On Fri, May 12, 2017 at 09:45:50AM -0400, Aaron W. Swenson wrote:
> On 2017-05-11 09:31, Max R.D. Parmer wrote:
> > Perhaps I missed it, but I've been so far unable to find a position/plan
> > for the future of hardened-sources from the Gentoo Hardened project
> > members. I've searched the site and mailing list archives. Has any such
> > statement been made?
> >
> > I see there are some efforts to create a community maintained version of
> > the PaX/Grsecurity patchset[1][2], this seems to be a likely forward
> > course, but is integrating it the plan of the Hardened project or does
> > that remain to be seen?
> >
> >
> > [1]: https://github.com/thestinger/linux-hardened
> > [2]: https://wiki.gentoo.org/wiki/Hardened_Kernel
> >
> > Thanks for any additional insight you might provide,
> > Max
>
> There’s been discussion on it, but I don’t know if we have come to a
> decision.
>
> https://archives.gentoo.org/gentoo-hardened/threads/2017-05/

I agree that there's no decision yet. Partially because every decision will
need to be staffed, and I think there is currently not enough time &
resources to actually move towards a particular situation.

The resource you mentioned (the [2]) is brand new, and is still forming. I
don't know how resource-rich the involved people are and if they can
continue to support the endeavour (which is not to be underestimated).

For Gentoo Hardened itself, it will always be a challenge to identify if
such a project is long-term viable or not. We probably don't want to start
using it, only to learn after 3 months that it didn't work out.

Personally, I can only say that I'm going to try to put more time back into the
SELinux stuff, as that is one part that is long(er) term proof. But it sadly
only covers a small part of an overall hardened system architecture.

Wkr,
Sven Vermeulen