grsecurity forums

Skip to content

Is the GRsecurity patch enough?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

Is the GRsecurity patch enough?

Postby GBit » Tue Jun 05, 2012 8:46 pm

When I patch the kernel with the grsecurity patch (grsecurity-2.9-3.3.8-201206042136.patch) the PAX features seem to open up. But I also see a pax patch (pax-linux-3.3.7-test18.patch) - would I need both of these for the full features?
GBit
 
Posts: 81
Joined: Mon Jun 04, 2012 3:31 pm
Top

Re: Is the GRsecurity patch enough?

Postby spender » Fri Jun 08, 2012 3:29 pm

No, the grsecurity patch includes PaX. Using grsecurity is actually necessary to implement some of the things described in the PaX documentation (bruteforce prevention, defense against infoleaks by a local attacker, removal of arbitrary code execution at the filesystem level), which are outside of the scope of the PaX patch itself.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top

Re: Is the GRsecurity patch enough?

Postby GBit » Wed Jun 13, 2012 1:27 pm

Great, thanks so much.
GBit
 
Posts: 81
Joined: Mon Jun 04, 2012 3:31 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group