FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

 
 
LinkBack Thread Tools
 
Old 10-11-2011, 02:52 PM
Yves-Alexis Perez
 
Default Bug#605090: update on featureset

Ok so the tarball on the website isn't really convenient so, for now,
I've put the quilt serie on a git repository on git.d.o:
http://anonscm.debian.org/gitweb/?p=users/corsac/grsec-patches.git;a=summary

The master branch for is for the "sid" branch in debian kernel svn, and
there's a squeeze branch too (though it's for now out of date).

I've updated the patches to the latest svn (sid) version and the latest
grsecurity/pax patches and I'll put updated packages on my server
tonight.

Could we move forward on this?

Regards,
--
Yves-Alexis Perez
ANSSI/ACE/LAM
 
Old 10-11-2011, 07:10 PM
Yves-Alexis Perez
 
Default Bug#605090: update on featureset

On mar., 2011-10-11 at 16:52 +0200, Yves-Alexis Perez wrote:
>
> I've updated the patches to the latest svn (sid) version and the latest
> grsecurity/pax patches and I'll put updated packages on my server
> tonight.

Packages are available on:

deb http://molly.corsac.net/~corsac/debian/kernel-grsec/packages/ sid/

Regards,
--
Yves-Alexis
 
Old 11-10-2011, 01:46 PM
Yves-Alexis Perez
 
Default Bug#605090: update on featureset

On mar., 2011-10-11 at 16:52 +0200, Yves-Alexis Perez wrote:
> Ok so the tarball on the website isn't really convenient so, for now,
> I've put the quilt serie on a git repository on git.d.o:
> http://anonscm.debian.org/gitweb/?p=users/corsac/grsec-patches.git;a=summary

Now upgraded to grsecurity 2.2.2-3.0.8-201110250925 against
linux-2.6_3.0.0-6.

Package (i386 and amd64) should be available on:

deb http://molly.corsac.net/~corsac/debian/kernel-grsec/packages/ sid/

tonight.
>
> Could we move forward on this?

Since I got not reply at all after this mail, I'm asking again. I know
people are busy and I know this bug is not the easiest to handle, but
I'd really like to move on.

Since the RT featureset was added not that long ago, I guess the concept
of featureset is still welcome. I know the situation is different, but
still, I really think Debian users would appreciate a grsecurity
featureset, which wouldn't harm other people kernels thanks to the
alternate image.

Regards,
--
Yves-Alexis Perez
ANSSI/ACE/LAM
 
Old 11-10-2011, 02:24 PM
Ben Hutchings
 
Default Bug#605090: update on featureset

On Thu, 2011-11-10 at 15:46 +0100, Yves-Alexis Perez wrote:
> On mar., 2011-10-11 at 16:52 +0200, Yves-Alexis Perez wrote:
> > Ok so the tarball on the website isn't really convenient so, for now,
> > I've put the quilt serie on a git repository on git.d.o:
> > http://anonscm.debian.org/gitweb/?p=users/corsac/grsec-patches.git;a=summary
>
> Now upgraded to grsecurity 2.2.2-3.0.8-201110250925 against
> linux-2.6_3.0.0-6.
>
> Package (i386 and amd64) should be available on:
>
> deb http://molly.corsac.net/~corsac/debian/kernel-grsec/packages/ sid/
>
> tonight.
> >
> > Could we move forward on this?
>
> Since I got not reply at all after this mail, I'm asking again. I know
> people are busy and I know this bug is not the easiest to handle, but
> I'd really like to move on.
>
> Since the RT featureset was added not that long ago, I guess the concept
> of featureset is still welcome. I know the situation is different, but
> still, I really think Debian users would appreciate a grsecurity
> featureset, which wouldn't harm other people kernels thanks to the
> alternate image.

Every extra featureset that requires additional effort from the existing
team members reduces the effort that can be spent on other tasks.

Is the grsecurity patch getting bigger or smaller over time?

Ben.

--
Ben Hutchings
You can't have everything. Where would you put it?
 
Old 11-10-2011, 03:44 PM
Yves-Alexis Perez
 
Default Bug#605090: update on featureset

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/11/2011 16:24, Ben Hutchings wrote:
> Every extra featureset that requires additional effort from the existing
> team members reduces the effort that can be spent on other tasks.

Yes, I definitely understand that, and I really intend to provide enough
help to minimize the burdain on existing team members which don't care
about that featureset.
>
> Is the grsecurity patch getting bigger or smaller over time?

It's a bit hard to tell. Putting aside the various security backports
(mainly relevant for the 2.6.32 patch), the size seems to have decreased
a little since 2.6.39 (and risen in the 3.0 serie).

Feature-wise, Brad Sprengler and the PaX team still add stuff, like the
gcc plugins or hardening features like symbols hiding, fix bugs (for
example in RBAC code), while few of them reach mainline.

Regards,
- --
Yves-Alexis Perez
ANSSI/ACE/LAM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iQIcBAEBCgAGBQJOu/91AAoJENcc3UqWxbaOkVAQAK5kcuOvmrASldaP0c/CpvXm
AgQBfFLhPJjO8KxB/qDhdAcc4m9Kn7rYbmbFgHi5ujdHu99ccki1+wzZv12LFZkc
VzNs12RQT8OboxQybfNcsRRgledwRGOCIefkKM91z05YSLBOmx NalpC//mcEqx+Y
rSvoZ/+/X/ZFp7krKHULR2oeqJFohjBejnS3/6eLSQDN8HCvGi0QN/MF45X9O+aE
vVhfzkDAV3LuyYXOi82Vi9y01W/7KtLbTGf8TEi7vh2XWwrdzHagnc/Lg28adxfu
QaL/ufabLUY34fdB0R5AfSjKcpnyX4J/tpDEWeObtQTMQc/p/kb0yJXWBTAk3azI
/PlF63OUxUhOh9wFASbYR5nZC+e8ToATA3XAYJ/nGoXKvC2vxD73DIk7jspgstS0
bVYLcuSQ4ZkxG2w3CmbgqdF0/92JTZ5PQEvL/0lM2lwYDFt4cZ4kY2xDK+7uo0uD
8j5Js51T0PPROhg0wKK3Zk5wxnReUj8sOnfB96GtCc8x05N5CC xr49pi6Zfdk6BM
yO1tfvq75x9jfspzAv+mkhZDbfo47NcbKYLM+aZvJGKHavqCU0 ejSOTCSNgsH8og
cY8/tEhIMd3dSY4IXmj8eHl3gSVTkzwRDpRVpGxmicf3HGlfs2tMpL AtiRY4JS8I
eOmxJ7Wbkpv5dstazq8y
=eBwV
-----END PGP SIGNATURE-----



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4EBBFF75.1080105@ssi.gouv.fr">http://lists.debian.org/4EBBFF75.1080105@ssi.gouv.fr
 
Old 11-10-2011, 04:06 PM
Moritz Muehlenhoff
 
Default Bug#605090: update on featureset

On Thu, Nov 10, 2011 at 05:44:37PM +0100, Yves-Alexis Perez wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 10/11/2011 16:24, Ben Hutchings wrote:
> > Every extra featureset that requires additional effort from the existing
> > team members reduces the effort that can be spent on other tasks.
>
> Yes, I definitely understand that, and I really intend to provide enough
> help to minimize the burdain on existing team members which don't care
> about that featureset.
> >
> > Is the grsecurity patch getting bigger or smaller over time?
>
> It's a bit hard to tell. Putting aside the various security backports
> (mainly relevant for the 2.6.32 patch), the size seems to have decreased
> a little since 2.6.39 (and risen in the 3.0 serie).
>
> Feature-wise, Brad Sprengler and the PaX team still add stuff, like the
> gcc plugins or hardening features like symbols hiding, fix bugs (for
> example in RBAC code), while few of them reach mainline.

Maybe we can ask upstream, whether the RBAC code and the rest of the
patch set can be separated? I don't think there's much interest in RBAC
for a Debian feature set, while the rest is quite interesting.

Cheers,
Moritz



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20111110170640.GB23794@inutil.org">http://lists.debian.org/20111110170640.GB23794@inutil.org
 
Old 11-10-2011, 04:16 PM
Yves-Alexis Perez
 
Default Bug#605090: update on featureset

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/11/2011 18:06, Moritz Muehlenhoff wrote:
> Maybe we can ask upstream, whether the RBAC code and the rest of the
> patch set can be separated? I don't think there's much interest in RBAC
> for a Debian feature set, while the rest is quite interesting.
>
Unfortunately, I already asked upstream about a nicely splitted patch,
but Brad didn't seem interested back in time. It might be worth
re-asking though.

Regards,
- --
Yves-Alexis Perez
ANSSI/ACE/LAM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iQIcBAEBCgAGBQJOvAcIAAoJENcc3UqWxbaOK3cP/jUKp59eQbTfQ30JmQsAtKFB
3A2r9PRFvs0eex7O/DYXz2Ua/MFnfCxYg2Xuv79aqH+8mBX/WlmNmZfL7uHCT3Zx
AgvT6A4LFxm5HNtQV4xnqflmEaxFCWBxVgv39ITeCvNKfxXKM6 tYIXmb38GEhB79
srxrL1wW7Kad62YXngQeltTWbJIkWBBgcC29zERXpY/DDoQhwAvel4jSTu+L54NB
zmc8X3YI7gcwMq0Xke+aPNqGu+IfQaUpOu8BVa3WwxN8fNhYkD ddkmrJ2YdpcjeJ
sawNl08d6zgZWntDTKe/KjvJpV9goxP/jKR9vUFYgSl+S90tGKzMzpAQFddgwTh9
h422D1Pbd9swyHQ32AN2RIxVEAf6zXcyZPpGw5NSdsbwu3A+1A 4/BsTDkVNOKarq
msS+0tFwSdwqe8aOvFawenuHmh1s33c6urZn6Bve6a1tWCTs1L apydcl34VYAJrX
ii5zsBAlA/Vl3NujUh8V0rvYzHADB4qjQFIUS+TyEEOaHLVBK4/fUlcGxZnS4HcV
6lw/+Nm7nSbgwBv7lbGRJwOgoT38KRNsh/03IQyC8qNLooHn31HJvctGxMt+o7Hu
E2HqxJC2SPBQGoPXQdqRHK+Bi2z/ukS4u3dtfWsBZxkQQVi9w3Zq7Ele6dx7cXvb
YOF14DsTQbVkg+hgaptH
=j3zh
-----END PGP SIGNATURE-----



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4EBC0708.4020204@ssi.gouv.fr">http://lists.debian.org/4EBC0708.4020204@ssi.gouv.fr
 

Thread Tools




All times are GMT. The time now is 07:03 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org