grsecurity forums

Hi

I was wondering, What are the plans to integrate PAX into the kernel mainline ?


thanks
zmau

No, and you wouldn't want them to.

KUDEv or some sort of thing that's been created by the great people that brought you pulseaudio and now pulseaudio for init will probably be accepted.

As it was explained to me in an article I read: The kernel maintainers are idiots when it comes to security, they are also uninterested, some contacts in the linux world work for the governments which would rather systems continue to be easily penetrated so that they can control the men within their societies, whom they own.

I think that there's a middle ground between the current situation (PaX + grsecurity being an out of tree patch of nearly 4 MB, sadly used by only a small minority of users, despite its crystal clear usefulness) and full integration of PaX + grsecurity into mainline Linux.
With enough time, programming knowledge, motivation, it is possible to move hunks of PaX / grsecurity into mainline Linux (even if mainline isn't necessarily receptive). Once in a while, someone upstreams several hunks: for instance, in April, minipli moved three hunks of PaX (constifying ipc_ops structures used for msgget/semget/shmget) to mainline (for now, linux-next).

This is not meant as a criticism of the way spender / "PaX Team" / ephox work. It's understandable they want to focus on improving the features of PaX / grsecurity, rather than spend time trying to deal with mainline's security standards and integration process. I feel that we'd all be better of if more of us (yup, I'm including myself in the pack) spent time upstreaming some PaX / grsecurity bits, so that more people can benefit from them.

Hi!
Can you post a link to that article ?

BTW, if I understand you correctly, what you are saying is
1) I would want PAX to be integrated into the kernel mainline.
2) The kernel maintainers would not do it.

Thanks