Official project position on grsecurity change in release policy?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Official project position on grsecurity change in release policy?

Max R.D. Parmer
Howdy,

Perhaps I missed it, but I've been so far unable to find a position/plan
for the future of hardened-sources from the Gentoo Hardened project
members. I've searched the site and mailing list archives. Has any such
statement been made?

I see there are some efforts to create a community maintained version of
the PaX/Grsecurity patchset[1][2], this seems to be a likely forward
course, but is integrating it the plan of the Hardened project or does
that remain to be seen?


[1]: https://github.com/thestinger/linux-hardened
[2]: https://wiki.gentoo.org/wiki/Hardened_Kernel

Thanks for any additional insight you might provide,
Max

--
0x7D964D3361142ACF

Reply | Threaded
Open this post in threaded view
|

Re: Official project position on grsecurity change in release policy?

Aaron W. Swenson-2
On 2017-05-11 09:31, Max R.D. Parmer wrote:

> Howdy,
>
> Perhaps I missed it, but I've been so far unable to find a position/plan
> for the future of hardened-sources from the Gentoo Hardened project
> members. I've searched the site and mailing list archives. Has any such
> statement been made?
>
> I see there are some efforts to create a community maintained version of
> the PaX/Grsecurity patchset[1][2], this seems to be a likely forward
> course, but is integrating it the plan of the Hardened project or does
> that remain to be seen?
>
>
> [1]: https://github.com/thestinger/linux-hardened
> [2]: https://wiki.gentoo.org/wiki/Hardened_Kernel
>
> Thanks for any additional insight you might provide,
> Max
There’s been discussion on it, but I don’t know if we have come to a
decision.

https://archives.gentoo.org/gentoo-hardened/threads/2017-05/

signature.asc (352 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Official project position on grsecurity change in release policy?

Sven Vermeulen
On Fri, May 12, 2017 at 09:45:50AM -0400, Aaron W. Swenson wrote:

> On 2017-05-11 09:31, Max R.D. Parmer wrote:
> > Perhaps I missed it, but I've been so far unable to find a position/plan
> > for the future of hardened-sources from the Gentoo Hardened project
> > members. I've searched the site and mailing list archives. Has any such
> > statement been made?
> >
> > I see there are some efforts to create a community maintained version of
> > the PaX/Grsecurity patchset[1][2], this seems to be a likely forward
> > course, but is integrating it the plan of the Hardened project or does
> > that remain to be seen?
> >
> >
> > [1]: https://github.com/thestinger/linux-hardened
> > [2]: https://wiki.gentoo.org/wiki/Hardened_Kernel
> >
> > Thanks for any additional insight you might provide,
> > Max
>
> There’s been discussion on it, but I don’t know if we have come to a
> decision.
>
> https://archives.gentoo.org/gentoo-hardened/threads/2017-05/

I agree that there's not decision yet. Partially because every decision will
need to be staffed, and I think there is currently not enough time &
resources to actually move towards a particular situation.

The resource you mentioned (the [2]) is brand new, and is still forming. I
don't know how resource-rich the involved people are and if they can
continue to support the endeavour (which is not to be underestimated).

For Gentoo Hardened itself, it will always be a challenge to identify if
such a project is long-term viable or not. We probably don't want to start
using it, only to learn after 3 months that it didn't work out.

Personally, I can only say that I'm going to try put more time back into the
SELinux stuff, as that is one part that is long(er) term proof. But it sadly
only covers a small part of an overall hardened system architecture.

Wkr,
        Sven Vermeulen