On 22/09/11 22:20, Michael Mol wrote:
> My question is...what kinds?

Well mainly the PaX and the grsecurity patches. I also heard there is a WIP in bringing RSBAC back again too.

> For what reason is there a set of "makes
> it more secure" patches that aren't integrated into the mainline
> kernel?

The main reason is political reasons.

> Are they just not stable in some fashion?

As with all, newer features in the patchset can cause crashes but crashes on the old ones are very rare.

> Do they exclude some
> kernel functionality?

Some bits and usually they restrict it more than excluding it.

> Do they impact performance?

That also happens with some of the features but usually performance impacts are noted.

If you are interested in knowing more about the patchset you may want to look at this document:
http://klondike.xiscosoft.es/charlas/Hardened/GentooHardenedWhy.odt

On 22/09/11 23:12, Paul Hartman wrote:
> I think it's essentially gentoo-sources with the grsecurity patchset
> on top.

It is gentoo-sources minus the framebuffer patch plus PaX and grsecurity patches + some custom security profiles.