[arch-dev-public] providing grsecurity in [community]

Jan de Groot jan at jgc.homeip.net
Sun Apr 20 18:30:54 EDT 2014


On Sun, 2014-04-20 at 11:12 +0200, Sébastien Luttringer wrote:
> We use closed-source components on our computers every day (BIOS,
> firmware) because we trust hardware providers like Nvidia.
> I wouldn't say that people who have Nvidia cards and run Nvidia
> drivers are in an "inherently insecure" situation.
> 
> There are features in grsec which can be useful even with an Nvidia
> module (hide other users' processes, restricted IPC, etc.).

The problem with Nvidia and grsecurity is that Nvidia doesn't test their
drivers on grsecurity kernels. With grsecurity you alter the way the
kernel works. If this alters the kernel in any way that the Nvidia
binary driver doesn't expect, you'll end up with something that makes
your system unstable.

Supporting Nvidia on vanilla kernels is a challenge now and then because
of the incompatible changes done in each version, but maintaining it for
a grsecurity-patched kernel is even harder.


