
Mailing List Archive: Gentoo: Hardened

Regarding hardened-sources

 

 



mansourmoufid at gmail

Mar 24, 2010, 12:47 PM

Post #1 of 4 (1262 views)
Regarding hardened-sources

Hello,

The latest stable release of grsecurity is for 2.6.32 kernels.
Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
now. Is there any particular reason for this?

Stability is important, but it's also a fact that many (most?)
vulnerabilities in Linux are fixed silently as non-security updates in
the latest kernels. The grsecurity/PaX team has been tracking and
backporting these sorts of stealth vulnerability fixes. Therefore,
would it not make more sense for Gentoo Hardened to follow their lead?
Especially considering they will be supporting 2.6.32 on a long term
basis[1].

Thanks for your time.

[1] <http://grsecurity.net/news.php#stablechosen>

--
Mansour Moufid


casta at xwing

Mar 24, 2010, 12:54 PM

Post #2 of 4 (1199 views)
Re: Regarding hardened-sources [In reply to]

On Wednesday 24 March 2010 20:47:08, Mansour Moufid wrote:
> Hello,
>
> The latest stable release of grsecurity is for 2.6.32 kernels.
> Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
> now. Is there any particular reason for this?
>
> Stability is important, but it's also a fact that many (most?)
> vulnerabilities in Linux are fixed silently as non-security updates in
> the latest kernels. The grsecurity/PaX team has been tracking and
> backporting these sorts of stealth vulnerability fixes. Therefore,
> would it not make more sense for Gentoo Hardened to follow their lead?
> Especially considering they will be supporting 2.6.32 on a long term
> basis[1].
>
> Thanks for your time.
>
> [1] <http://grsecurity.net/news.php#stablechosen>

Try hardened-development overlay (available via layman)
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary

It provides a recent kernel and some toolchain patches



--
Guillaume Castagnino
casta [at] xwing / guillaume [at] castagnino


bridavis at live

Mar 24, 2010, 6:16 PM

Post #3 of 4 (1204 views)
RE: Regarding hardened-sources [In reply to]

I think the question still stands, however, as to why the "main-line" hardened-sources are not being updated.

> From: casta [at] xwing
> To: gentoo-hardened [at] lists
> Subject: Re: [gentoo-hardened] Regarding hardened-sources
> Date: Wed, 24 Mar 2010 20:54:29 +0100
> CC: mansourmoufid [at] gmail
>
> On Wednesday 24 March 2010 20:47:08, Mansour Moufid wrote:
> > Hello,
> >
> > The latest stable release of grsecurity is for 2.6.32 kernels.
> > Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
> > now. Is there any particular reason for this?
> >
> > Stability is important, but it's also a fact that many (most?)
> > vulnerabilities in Linux are fixed silently as non-security updates in
> > the latest kernels. The grsecurity/PaX team has been tracking and
> > backporting these sorts of stealth vulnerability fixes. Therefore,
> > would it not make more sense for Gentoo Hardened to follow their lead?
> > Especially considering they will be supporting 2.6.32 on a long term
> > basis[1].
> >
> > Thanks for your time.
> >
> > [1] <http://grsecurity.net/news.php#stablechosen>
>
> Try hardened-development overlay (available via layman)
> http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary
>
> It provides a recent kernel and some toolchain patches
>
>
>
> --
> Guillaume Castagnino
> casta [at] xwing / guillaume [at] castagnino
>



enhaisa at gmail

Mar 25, 2010, 12:44 AM

Post #4 of 4 (1195 views)
Re: Regarding hardened-sources [In reply to]

On Thu, Mar 25, 2010 at 2:16 AM, Brian Davis <bridavis [at] live> wrote:

> I think the question still stands, however, as to why the "main-line"
> hardened-sources are not being updated.
>
> > From: casta [at] xwing
> > To: gentoo-hardened [at] lists
> > Subject: Re: [gentoo-hardened] Regarding hardened-sources
> > Date: Wed, 24 Mar 2010 20:54:29 +0100
> > CC: mansourmoufid [at] gmail
>
> >
> > On Wednesday 24 March 2010 20:47:08, Mansour Moufid wrote:
> > > Hello,
> > >
> > > The latest stable release of grsecurity is for 2.6.32 kernels.
> > > Gentoo's hardened-sources have been stuck at 2.6.28-r9 for a while
> > > now. Is there any particular reason for this?
> > >
> > > Stability is important, but it's also a fact that many (most?)
> > > vulnerabilities in Linux are fixed silently as non-security updates in
> > > the latest kernels. The grsecurity/PaX team has been tracking and
> > > backporting these sorts of stealth vulnerability fixes. Therefore,
> > > would it not make more sense for Gentoo Hardened to follow their lead?
> > > Especially considering they will be supporting 2.6.32 on a long term
> > > basis[1].
> > >
> > > Thanks for your time.
> > >
> > > [1] <http://grsecurity.net/news.php#stablechosen>
> >
> > Try hardened-development overlay (available via layman)
> > http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary
> >
> > It provides a recent kernel and some toolchain patches
> >
> >
> >
> > --
> > Guillaume Castagnino
> > casta [at] xwing / guillaume [at] castagnino
> >
>

From what I recall from the discussions on IRC, there have been several issues
with .32, and .31 was skipped entirely in favour of .32, but the update to
the main tree should be coming soon according to Anarchy and gang. (It was a
while since I spoke to Anarchy, though, but they are doing their best.)

Kind Regards
/Daniel
