Hi,

the last publicly available version of PaX / grsecurity will probably never be ported to work with the Meltdown / Spectre fixes.

The only option is to use minipli's last release (4.9.74) and port all non-Spectre-related fixes from upstream's 4.9 branch [1] to it. However, you should only run such a kernel on CPUs not affected by Meltdown / Spectre, such as the Raspberry Pi or Intel's Atom (the in-order ones codenamed "Bonnell") [2].

Bear in mind that upstream is porting fixes from PaX to mainline, albeit at a slow pace. I've rebased the last pax-only patch on 4.9.74 but decided for myself that it's not worth maintaining a 4.9 fork.

Cheers,
Philipp

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/?h=linux-4.9.y
[2] https://en.wikipedia.org/wiki/List_of_Intel_Atom_microprocessors

On 02.09.2018 22:39, Ren Nyo wrote:
In minipli's GitHub branch, in issues, someone ported changes up to
4.9.105. However, without Spectre and Meltdown fixes. You should write
to the grsecurity team about a personal license. If they receive many
letters, maybe they will make such a license available.

Sun, 2 Sep 2018, 11:43 Alex Efros <power...@powerman.name>:

Hi!

On Sat, Apr 14, 2018 at 12:33:55AM +0000, Ren Nyo wrote:
I contacted minipli, and he said that the unofficial grsecurity
kernel is frozen. So we should not wait for him to port KPTI and Meltdown.

Looks like there is no progress so far. :(

Are there any other options for how to get a kernel newer than 4.9.74 with
GrSecurity/PaX for personal use, or is it now available only for a high
price, i.e. enterprise-only?

--
WBR, Alex.
