grsecurity forums

Hi,

Just a question please, as the new 2.4 kernel is currently in rc. does the grsecurity/pax team plan to release a patch for 2.4 AND 2.6

many people use 2.6 because hardware support is necessary.

i hope be able to use a "recent" 2.6 kernel with grsecurity because i CANT use 2.4

Best regards,

There are test patches in ~spender

ie

http://grsecurity.net/~spender

I use both the 2.4 and the 2.6 and I haven't had any problems with them. Indeed there's some new PAX features in 2.4 and they don't seem to cause any problems.

Of course, I wouldn't be rolling these patches out on all 500 of your uber-important production machines...

tjh wrote:There are test patches in ~spender

yes. thanks

i use theses patchs on machine tests, and it seems to work, but i have two question :

-> if this patches "works" why they do not pass in stable release ?
-> does they are "incomplete" ?

Best regards,

DaviXX wrote:i use theses patchs on machine tests, and it seems to work, but i have two question :

-> if this patches "works" why they do not pass in stable release ?
-> does they are "incomplete" ?

the test patches eventually become the release, so if they have a problem at the time of a release, the release will have the problem too... there's no way around that, that's why we're publishing them so that people who can afford testing can do just that. welcome to the open source development model . what triggers a release is normally that 1. it's got no known problems, 2. we are finished adding whatever we wanted for a new release. right now none of these conditions are met, hence no release yet

Hi, thanks for your answer.

PaX Team wrote:1. it's got no known problems

Hi thinks the lasts are in this case

PaX Team wrote:2. we are finished adding whatever we wanted for a new release. right now none of these conditions are met, hence no release yet

So where we can find the list of the todo before the next release ?


we have to not forget that security is the first purpose of the project, and, use an 2.6.14.6 kernel instead 2.6.17.1 is subject too security holes knowned.

And if i'm not wrong, it's better to have a "last" kernel instead have a "beautiful" grsecurity patch release one time each 6 month.

To finish, excuse me, i'm french, my english is bad so i can't explain what i think more clearly. So just note that i'm not saying grsecurity use a "bad" way, just that (as i already say) :

some users of grsecurity use 2.6 because they have to, and not they want to. theses users hope have a "more recent" patch grsec for the latest kernel.

Best regards,