On Friday, June 3, 2016 at 2:39:49 AM UTC-4, [email protected] wrote: > Hello I was wondering if Qubes might ever add Gresecurity in the future?I > think adding it would be great since you'll have a hardened kernel
It has been discussed before. Alot of it is privilege escalation protections which would be meaningless in qubes. Some of it would be nice. Some people in the mailing list have claimed to got a grsec kernel working if you search it, but it might be more trouble then its actually worth. I kind of believe in the philosophy that nothing is 100%, there is no such thing as completely stopping attacks, if attacker is persistent enough and you continue to use the services you use a computer to enjoy, you will be compromised eventually. There will always be bugs till the end of the time and the best thing to do is just mitigate the damage. For example in qubes the sys-net is assumed untrustworthy but it does its best to separate its exposure from rest of the system. Not sure if you know this, but Brad Spengler, the developer of grsecurity, doesn't even use his own kernels. He prefers to use windows. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f5d32976-bff9-4934-a039-8f8fb95cbeb8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
