09-22-2011, 08:20 PM
Michael Mol

hardened-sources...what?

I'll assume for the moment that the hardened-sources patch set
discussed includes security improvements.

My question is...what kinds? For what reason is there a set of "makes
it more secure" patches that aren't integrated into the mainline
kernel? Are they just not stable in some fashion? Do they exclude some
kernel functionality? Do they impact performance?

What exactly is this patch set, and why is it separate?

--
:wq
 
09-22-2011, 09:12 PM
Paul Hartman

hardened-sources...what?

On Thu, Sep 22, 2011 at 3:20 PM, Michael Mol <mikemol@gmail.com> wrote:
> I'll assume for the moment that the hardened-sources patch set
> discussed includes security improvements.
>
> My question is...what kinds? For what reason is there a set of "makes
> it more secure" patches that aren't integrated into the mainline
> kernel? Are they just not stable in some fashion? Do they exclude some
> kernel functionality? Do they impact performance?
>
> What exactly is this patch set, and why is it separate?

I think it's essentially gentoo-sources with the grsecurity patchset
on top. Check out the Gentoo Hardened website for better info about
the Hardened project:

http://www.gentoo.org/proj/en/hardened/
 
09-22-2011, 09:51 PM
"Francisco Blas Izquierdo Riera (klondike)"

hardened-sources...what?

On 22/09/11 22:20, Michael Mol wrote:
> My question is...what kinds?
Well mainly the PaX and the grsecurity patches. I also heard there is a
WIP in bringing RSBAC back again too.
> For what reason is there a set of "makes
> it more secure" patches that aren't integrated into the mainline
> kernel?
The main reason is political reasons.
> Are they just not stable in some fashion?
As with all, newer features in the patchset can cause crashes but
crashes on the old ones are very rare.
> Do they exclude some
> kernel functionality?
Some bits and usually they restrict it more than excluding it.
> Do they impact performance?
That also happens with some of the features but usually performance
impacts are noted.

If you are interested in knowing more about the patchset you may want to
look at this document:
http://klondike.xiscosoft.es/charlas/Hardened/GentooHardenedWhy.odt

On 22/09/11 23:12, Paul Hartman wrote:
> I think it's essentially gentoo-sources with the grsecurity patchset
> on top.
It is gentoo-sources minus the framebuffer patch plus PaX and grsecurity
patches + some custom security profiles.
 

All times are GMT.