Page 1 of 1
grsecurity light patch required (for workstations)
Posted:
Tue Apr 05, 2005 11:13 pmby amax
Hello, spender. I have some idea...
What about creation new light grsecurity patch ?
NO pax, just only network protection + chroot + proc ?
no other things.. it maybe much easy to integrate this patch to workstations only, where internet security and socket randomizations maybe very important..
What do you think?
I highly neded grsecurity-light.
Thanks.
Posted:
Tue Apr 05, 2005 11:15 pmby amax
or \ and very light patch where is only socket randomizations
etc.
Posted:
Wed Apr 06, 2005 4:55 amby Hal9000
what about just enabling the stuff you want in the kernel configuration?
Posted:
Thu Apr 07, 2005 10:52 pmby amax
Hal9000 wrote:what about just enabling the stuff you want in the kernel configuration?
it is too hard to apply big patch to non-vanilla kernel, many rejects.
but really it is not needed at all. just only network randz required
Posted:
Sun Apr 10, 2005 8:11 amby Abaddon
Rand & proc :>
Posted:
Fri May 20, 2005 12:34 pmby sjweiler
I have a Gentoo linux workstation hardened with all PAX features except one to restrict TPE for non-root users and all GRSecurity features enabled. I can use java, xmms, mplayer, cedega, etc.
It work's flawlessly; not sure a lite patch is needed.
Posted:
Wed Jun 01, 2005 4:53 amby Abaddon
It slows down your computer (remember, some people have older computers than yours).
btw. All the grsec options enabled on desktop?! It stinks...
Posted:
Thu Jun 02, 2005 1:59 pmby PaX Team
Abaddon wrote:It slows down your computer (remember, some people have older computers than yours).
btw. All the grsec options enabled on desktop?! It stinks...
what slows it down and how much? have you got any numbers? and if you think grsec is bad for the desktop, imagine what fedora users might feel with selinux
.
Posted:
Mon Jun 06, 2005 11:46 amby tuxq
PaX Team wrote:Abaddon wrote:It slows down your computer (remember, some people have older computers than yours).
btw. All the grsec options enabled on desktop?! It stinks...
what slows it down and how much? have you got any numbers? and if you think grsec is bad for the desktop, imagine what fedora users might feel with selinux
.
*shiver* ... I had to deal with a Fedora install and SELinux not too long ago.
Posted:
Fri Jul 01, 2005 11:14 amby fredrik
...........There are fixes in PaX
that make sense for the standard kernel. But because not _all_ of PaX
makes sense for the standard kernel, and because I will _not_ take their
patch whole-sale, they apparently believe (incorrectly) that I wouldn't
even take the non-intrusive fixes, and haven't really even tried to feed
them back.
(Yes, Brad Spengler has talked to me about PaX, but never sent me
individual patches, for example. People seem to expect me to take all or
nothing - and there's a _lot_ of pretty extreme people out there that
expect everybody else to be as extreme as they are..)
Linus
more at
http://kerneltrap.org/node/4590