[arch-dev-public] providing grsecurity in [community]

Sébastien Luttringer seblu at seblu.net
Sun Apr 20 05:12:24 EDT 2014


On 19/04/2014 01:21, Connor Behan wrote:
> On 18/04/14 04:09 AM, S?bastien Luttringer wrote:
>> On 16/04/2014 06:09, Daniel Micay wrote:
>>> I don't think it makes sense to bother with the
>>> nvidia module because it would be a bit silly to mix it with grsecurity.
>>>
>> Why user with nvidia cards should be deprived of grsec security enhancement?
> Because the use of closed-source kernel modules is inherently insecure
> anyway.
> 
We use closed-source components on our computer everyday (BIOS,
firmwares) because we trust hardware provider like Nvidia.
I wouldn't says that people who have Nvidia cards and run Nvidia drivers
are in an "inherently insecure" situation.

There are features in grsec which can be useful even with an Nvidia
module (hide others users process, restricted ipc, etc).

-- 
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20140420/fba336da/attachment.asc>


More information about the arch-dev-public mailing list