On 20/04/14 05:12 AM, Sébastien Luttringer wrote:
On 19/04/2014 01:21, Connor Behan wrote:
On 18/04/14 04:09 AM, Sébastien Luttringer wrote:
On 16/04/2014 06:09, Daniel Micay wrote:
I don't think it makes sense to bother with the nvidia module because it would be a bit silly to mix it with grsecurity.
Why should users with nvidia cards be deprived of grsec security enhancements?
Because the use of closed-source kernel modules is inherently insecure anyway.
We use closed-source components on our computers every day (BIOS, firmware) because we trust hardware providers like Nvidia. I wouldn't say that people who have Nvidia cards and run Nvidia drivers are in an "inherently insecure" situation.
That's true, I'm just not interested in maintaining it myself because I think it's a bit silly regardless :). I have no problem at all with someone maintaining a DKMS nvidia package or grsec-specific package to have it work. It doesn't harm me in any way to have the choice available.
(hide other users' processes)
This is actually one of the few grsecurity features that trickled upstream. It's available as the `hidepid=2` mount option for /proc. Sadly it breaks systemd to some extent due to the cgroup filesystem in the kernel being inadequate (no namespacing support).
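
Added example, not part of the original mail: a shell check that reports the `hidepid` setting of every procfs mount in a mounts table, accepting both the numeric form mentioned above and the named values (`noaccess`, `invisible`, `ptraceable`) that newer kernels print. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Audit procfs mounts for the hidepid option (example code, hypothetical names).

# hidepid_of_opts OPTS: print the hidepid value from a comma-separated mount
# option string, or "0" (the kernel default) when the option is absent.
hidepid_of_opts() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F= '
        $1 == "hidepid" { v = $2 }
        END { print (v == "" ? "0" : v) }'
}

# classify VALUE: map a hidepid value to what other users can see.
classify() {
    case "$1" in
        2|invisible)  echo hidden ;;       # other users' /proc/<pid> not listed
        1|noaccess)   echo restricted ;;   # listed, but contents unreadable
        4|ptraceable) echo ptrace-only ;;  # only processes the caller may ptrace
        *)            echo open ;;         # 0/off or unknown: everything visible
    esac
}

# audit_proc_mounts: read a mounts table on stdin (format of /proc/self/mounts:
# device mountpoint fstype options dump pass) and print one line per proc mount.
audit_proc_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = proc ] || continue
        val=$(hidepid_of_opts "$opts")
        printf '%s hidepid=%s %s\n' "$mnt" "$val" "$(classify "$val")"
    done
}

# Constructed sample table: a hardened /proc, an unhardened chroot /proc, and
# a mount shown in the named form.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/chroot/proc proc rw,relatime 0 0
proc /run/jail/proc proc rw,relatime,hidepid=invisible,gid=26 0 0
EOF
}

sample_mounts | audit_proc_mounts
```

On a live system, feed it the real table with `audit_proc_mounts < /proc/self/mounts`; secondary proc mounts in chroots or containers are the ones most often left at the default.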