grsecurity forums

[moseleymark]

This is related to my other GPF thread but I thought it probably should just be a new thread. This isn't a thread about a specific issue but just sort of a general question to get you guys' impression.

I've been using grsec/pax for years on lots and lots of kernels. One thing I run into somewhat frequently is kernel issues on boxes that I dare not run *without* grsec/pax. So I can't run a vanilla kernel to try to replicate the issue. But then reporting the issue to LKML and being open about having grsec/pax patched in will inevitably run into "this is a 3rd party patch issue, they probably broke it".

My question for for spender/Pax team is this: Is there a 'best practice' on how to approach this? My current modus operandi is to report pretty much any kernel issue I run into on this mailing list first, but that clearly increases the signal-to-noise in favor of noise. Is that about the best thing to do though? Or are there whole sections of the kernel that I can assume *can't* be related to grsec? I'm guessing that it's probably just a case-by-case thing, in which case, my thread becomes "Is it ok that I always pass these by you guys first?". But if either of you have any general guidelines on when to come here first or when not to come here first, I'd love to hear them. Thanks!

[PaX Team]

there're not general rules here i'm afraid, each bug has to be investigated individually. so keep posting them and we'll try to figure out the next steps.

[moseleymark]

That's pretty much what I figured but thought I should check.