Re: [arch-dev-public] providing grsecurity in [community]
On 19/04/14 12:28 AM, Daniel Micay wrote:
> I've already spent far more time writing these mailing list responses than any amount of work I've put into improving security-related issues... speaking of development resources. Hah.

I would just like to add that unofficial repositories are usually a dead end.

1. Maintainer adds kernel to his own repository and tries to advertise it in the forums.
2. Only 10 people install it.
3. Maintainer decides it's not worth the work and takes down the repo.

With [community] there is a much higher probability that packages will be popular and maintained for a while.

On 19/04/14 02:11 PM, Connor Behan wrote:
> On 19/04/14 12:28 AM, Daniel Micay wrote:
> > I've already spent far more time writing these mailing list responses than any amount of work I've put into improving security-related issues... speaking of development resources. Hah.
>
> I would just like to add that unofficial repositories are usually a dead end.
>
> 1. Maintainer adds kernel to his own repository and tries to advertise it in the forums.
> 2. Only 10 people install it.
> 3. Maintainer decides it's not worth the work and takes down the repo.
>
> With [community] there is a much higher probability that packages will be popular and maintained for a while.

I'm already maintaining the userspace components (gradm, paxtest, checksec) that weren't already there (pax-utils) in [community] since there's no political issue attached to them. They're only just barely useful without the kernel though, and it's not going to be obvious where to get the corresponding kernel, unless I step out of the usual conventions and have the wiki page talk about an unofficial repository. You can check that an RBAC profile is valid, but not load it. You can verify that the Linux kernel's ASLR implementation is still too weak to pass the `paxtest` tests from the early 2000s, but can't enable something better. Checking for RELRO / PIE / stack canaries is a bit more useful at least...