Openwall's HARDEN_SHM as an optional sysctl.

Dan Rosenberg got Openwall's dmesg restriction merged upstream and attempted to get grsecurity's HIDESYM feature merged upstream. What got merged upstream as a result of this?

A variant of /proc restrictions from Openwall and grsec (but without my additional changes). What has been suggested was already attempted by Vasiliy Kulikov during the 2011 GSOC. It was overall an SELinux circlejerk and a waste of time (other than convincing Kees Cook apparently). Do you know how many major kernel developers attended the summit? None! They were all busy in their own non-security subgroups. I paid out of my own pocket in 2010 to attend the Linux Security Summit and present on what the current state of security was in grsecurity and suggesting ways Linux could harden the kernel in the next decade (judging by how long it takes to rip off our features). I don't want to spend my time playing politics. The only work that interests me is dealing with the unsolved, difficult security problems. If you think otherwise, ask who is currently ensuring that kptr_restrict in the upstream kernel does what it claims? It would still be a cost to us every time the kernel is updated. Where do you propose this additional time come from to do the things you suggest? Take note that that additional time isn't a one-time cost, it would be a cost any time we want to push any additions or changes. It already uses up more of my time than I'm comfortable with. People who suggest what patrick_g has suggested are generally ignorant of our history and what we've done, and honestly I find the constant suggestions (even if good-intentioned) from people who don't contribute to furthering security or to our project in any way pretty tiresome and rude.

Both the PaX Team and myself do this work in our own free time. This is the post I'll link to for similar questions in the future. We've addressed this several times in different places, including: