FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

 
 
LinkBack Thread Tools
 
Old 12-28-2011, 03:45 AM
Carlos Alberto Lopez Perez
 
Default Bug#605090: Add a grsec featureset to Debian kernels

Hello,


What is the status of this? It has been a looong time ago since last update.


I am also interested in having a Debian kernel with the grsec+pax
featureset and I am sure that many sysadmins would appreciate this
possibility. There is a huge user base of grsec from hosting companies.


I agree that this RBAC thing may be not interesting for everybody giving
the fact that it duplicates some functionality (we already have SELinux
and TOMOYO).


So if you really feel so strong about removing this feature from the
debian-grsec-kernel it can be easily done just by setting
CONFIG_GRKERNSEC_NO_RBAC=y in the .config (there is no need to ask
upstream to split the patch).


Anyway I think RBAC is a nice feature and it don't hurts: Its far easier
to use than SElinux [1] and we already have in Debian the user-space
tools to work with it:

CC'ing Laszlo Boszormenyi
(maintainer of linux-patch-grsecurity2, paxctl and gradm2)



I would like to see this moving forward, so I volunteer myself to help
with the maintenance of this featureset.



Regards!


[1] http://www.cs.virginia.edu/~jcg8f/SELinux%20grsecurity%20paper.pdf


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
Carlos Alberto Lopez Perez http://neutrino.es
Igalia - Free Software Engineering http://www.igalia.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
 
Old 01-09-2012, 01:19 PM
Yves-Alexis Perez
 
Default Bug#605090: Add a grsec featureset to Debian kernels

On mer., 2011-12-28 at 05:45 +0100, Carlos Alberto Lopez Perez wrote:
> Hello,
>
>
> What is the status of this? It has been a looong time ago since last update.

Sorry for the delay. As the BTS doesn't automatically CC the submitter,
please keep me on CC: when replying to this bug.

For sid, I keep updating the kernels from time to time, you can see the
grsec-patches (against the sid svn branch) at
http://anonscm.debian.org/gitweb/ and binary packages can be found at
http://molly.corsac.net/~corsac/debian/kernel-grsec/packages/sid/ (I
don't upload every built kernel there since it's a bit huge.

For squeeze, I'm a bit lagging but I should update both the relevant
branch in grsec-patches and the repository.

I don't give a status update each time I update the repositories in
order not to flood people, and I still hope some positive answer from
the kernel team (until it's obvious it's too late for Wheezy).
>
>
> I am also interested in having a Debian kernel with the grsec+pax
> featureset and I am sure that many sysadmins would appreciate this
> possibility. There is a huge user base of grsec from hosting companies.

Thanks for the support.
>
>
> I agree that this RBAC thing may be not interesting for everybody giving
> the fact that it duplicates some functionality (we already have SELinux
> and TOMOYO).
>
>
> So if you really feel so strong about removing this feature from the
> debian-grsec-kernel it can be easily done just by setting
> CONFIG_GRKERNSEC_NO_RBAC=y in the .config (there is no need to ask
> upstream to split the patch).

This was mostly about upstreaming things, in fact. But disabling an
option doesn't make the patch smaller.
>
>
> Anyway I think RBAC is a nice feature and it don't hurts: Its far easier
> to use than SElinux [1] and we already have in Debian the user-space
> tools to work with it:
>
> CC'ing Laszlo Boszormenyi
> (maintainer of linux-patch-grsecurity2, paxctl and gradm2)

Note that linux-patch-grsecurity2 should really be removed now.
>
>
>
> I would like to see this moving forward, so I volunteer myself to help
> with the maintenance of this featureset.
>
Thanks for that
--
Yves-Alexis
 

Thread Tools




All times are GMT. The time now is 02:37 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org