well...the newest version out right now is 1.9.5-pre3. We can't release another -pre until the acl system is out of it's broken state (the userspace portion is virtually finished (check out
http://grsecurity.net/cgi-bin/cvsweb.cgi/gradm , just need to write the kernel handling for the new parsing via userspace)
Lots of nifty things I've done with gradm:
1) duplicate process subject, process object checking
2) notification of an inexistent file/directory in ACL
3) notification when /lib, /etc/grsec, /boot, and /etc/rc.d are not protected
4) full include directive recursion that supports both relative and absolute filenames and directory names for acl configs
5) auto-add ACLs for libraries and the binary itself for process subjects
6) gradm can be placed in any location. via readlink on /proc/getpid()/exe, it determines the full pathname that it was executed as, and we add an acl for that path to be used with the auth mode
7) 128 bits of salt for passwords. Not incredibly necessary, but ensures that a dictionary attack with a prehashed list of passwords could not be used (would take a 1.2 TERABYTE sized file)
8 ) Very understandable code...I've tried to make functions out of most everything, so that the higher level operations read more like english. All important variables and functions are fully commented.
nice nice...