On 20/04/14 05:12 AM, Sébastien Luttringer wrote:
> On 19/04/2014 01:21, Connor Behan wrote:
>> On 18/04/14 04:09 AM, Sébastien Luttringer wrote:
>>> On 16/04/2014 06:09, Daniel Micay wrote:
>>>> I don't think it makes sense to bother with the
>>>> nvidia module because it would be a bit silly to mix it with grsecurity.
>>>>
>>> Why user with nvidia cards should be deprived of grsec security enhancement?
>> Because the use of closed-source kernel modules is inherently insecure
>> anyway.
>>
> We use closed-source components on our computer every day (BIOS,
> firmwares) because we trust hardware provider like Nvidia.
> I wouldn't say that people who have Nvidia cards and run Nvidia drivers
> are in an "inherently insecure" situation.

That's true, I'm just not interested in maintaining it myself because I
think it's a bit silly regardless :). I have no problem at all with
someone maintaining a DKMS nvidia package or grsec-specific package to
have it work. It doesn't harm me in any way to have the choice available.

> (hide others users process)

This is actually one of the few grsecurity features that trickled
upstream. It's available as the `hidepid=2` mount option for /proc.
Sadly it breaks systemd to some extent due to the cgroup filesystem in
the kernel being inadequate (no namespacing support).
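
Added example, not part of the original message: a shell check for the `hidepid=2` /proc mount option mentioned above. It reads a file in /proc/mounts format (or `-` for stdin) and also maps the named values that Linux 5.8 and later print back to the numeric levels; the function names and the sample line are made up for this illustration.

```shell
#!/bin/sh
# Report the hidepid level of the proc filesystem mounted on /proc.
# Argument: a file in /proc/mounts format ("-" = stdin, default /proc/mounts).
# Prints 0, 1, 2 or 4, or "none" if no proc filesystem is mounted on /proc.
proc_hidepid_level() {
    awk '
        $2 == "/proc" && $3 == "proc" {
            found = 1
            level = "0"                  # kernel default when the option is absent
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                if (opts[i] !~ /^hidepid=/) continue
                v = substr(opts[i], 9)   # text after "hidepid="
                # Linux 5.8+ prints names instead of numbers
                if (v == "off") v = "0"
                else if (v == "noaccess") v = "1"
                else if (v == "invisible") v = "2"
                else if (v == "ptraceable") v = "4"
                level = v
            }
        }
        # If /proc is listed more than once, the last (topmost) mount wins.
        END { print (found ? level : "none") }
    ' "${1:-/proc/mounts}"
}

# Succeeds only when /proc is mounted with hidepid=2 (or its name, "invisible").
proc_is_hidepid2() {
    [ "$(proc_hidepid_level "$1")" = "2" ]
}

# Constructed sample line, not taken from a real system:
printf 'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0\n' |
    proc_hidepid_level -
```

Call `proc_hidepid_level` with no argument to inspect the running system.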

