On Fri, May 12, 2017, at 16:38, Alex Efros wrote:
> Hi!
>
> On Fri, May 12, 2017 at 09:10:43PM +0200, "Tóth Attila" wrote:
> > Please take a look at the reply of PaxTeam posted on the openwall
> > mailing list:
> > http://openwall.com/lists/kernel-hardening/2017/05/11/2
>
> What's for? It's
On Mon, May 8, 2017, at 23:12, Andrew Savchenko wrote:
> Most likely KSPP project will come up, they are doing a good job:
> bringing security features upstream fixing bugs in PaX code during
> the process [1]. This is what PaX should have done a long time ago,
> they were even offered CII
On 170508-22:49+0200, Miroslav Rovis wrote:
> ...
> I'll be back with an ebuild to discuss.
> ...
> On 170508-22:07+0200, Mathias Krause wrote:
> > On 8 May 2017 at 20:08, Miroslav Rovis wrote:
...
> > > Unofficial forward ports of the last publicly available
On Mon, 1 May 2017 13:58:08 + Sven Vermeulen wrote:
> On Mon, May 01, 2017 at 01:28:54PM +0300, Andrew Savchenko wrote:
> > > The obvious step is indeed to stop further *current* development on
> > > hardened-sources.
> >
> > Why not support hardened-sources while corresponding vanilla
> >
(thanks also to Luis Ressel for clarifications in the other email)
(I'm only top posting because this reply of mine has no particularities
to place it btwn any lines further below. Otherwise, I don't top post.)
Mathias, I only wish to thank you for the quick reply and the tips
below. And all my
On 8 May 2017 at 20:08, Miroslav Rovis wrote:
> [...]
> But I saw the other link that gives me some hope:
>
> Unofficial forward ports of the last publicly available grsecurity patch
>
Hi,
I don't have much to add, but I'd like to clear two misunderstandings
here:
On Mon, 8 May 2017 20:08:07 +0200
Miroslav Rovis wrote:
> And really since late in 2016 no more entries in the Changelog. Pls.
> note that I'm only stating the facts, not complaining.
On 170502-10:28+0200, Daniel Cegiełka wrote:
> https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project
>
> It closes the topic of our discussion.
>
And I read all the discussion in gentoo-hardened in regard.
First, I'm a user[1], and I'm trying to continue to keep safe and secure
as I
Hi!
On Tue, May 02, 2017 at 09:58:18PM +0200, Daniel Cegiełka wrote:
> This means that any future solution will not be compatible with current
> PaX support.
It doesn't mean that. That may happen, or not - if someone will bother
about compatibility, for example.
I also think it makes sense to
2017-05-02 19:23 GMT+02:00 "Tóth Attila" :
> On Tue, May 2, 2017, at 18:59, Daniel Cegiełka wrote:
>>> pax.?mark actually, since the eclass helper is called pax-mark. :)
>>> I'd hold off on removing those for at least a few months, though.
>>>
>>
>> If PAX_MPROTECT
2017-05-02 18:02 GMT+02:00 Luis Ressel :
> On Tue, 2 May 2017 17:56:22 +0200
> Daniel Cegiełka wrote:
>
>> grep -r -e paxmark -e pax_kernel /usr/portage/
>
> pax.?mark actually, since the eclass helper is called pax-mark. :)
> I'd hold off on removing
On Tue, 2 May 2017 17:56:22 +0200
Daniel Cegiełka wrote:
> grep -r -e paxmark -e pax_kernel /usr/portage/
pax.?mark actually, since the eclass helper is called pax-mark. :)
I'd hold off on removing those for at least a few months, though.
Regards,
Luis
2017-05-02 17:28 GMT+02:00 Luis Ressel :
> On Mon, 1 May 2017 09:38:43 +
> Sven Vermeulen wrote:
>
>> The obvious step is indeed to stop further *current* development on
>> hardened-sources. I don't know how many additional patchsets are being
>> implemented
On Mon, 1 May 2017 09:38:43 +
Sven Vermeulen wrote:
> The obvious step is indeed to stop further *current* development on
> hardened-sources. I don't know how many additional patchsets are being
> implemented in it (blueness? Zorry?) so I don't know if it means that
>
https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project
It closes the topic of our discussion.
worth reading:
http://openwall.com/lists/kernel-hardening/2017/05/01/5
http://openwall.com/lists/kernel-hardening/2017/05/02/4
this means:
* KSPP means that keeping PaX for >4.9 will be
Shouldn't go to 4.10+, because it will be too much work.
Best would be to maintain 4.9 LTS and not bother with 4.10 and all that.
On 05/01/2017 04:53 PM, Daniel Cegiełka wrote:
> 2017-05-01 16:20 GMT+02:00 SK :
>> There is Subgraph that is going to keep maintaining 4.9.X
2017-05-01 16:20 GMT+02:00 SK :
> There is Subgraph that is going to keep maintaining 4.9.X LTS branch
> with grsec & there is minipli[1] that is going to forward 4.9.X LTS
> branch with grsec.
>
> Would be great to join forces to keep 4.9.X LTS alive while porting
>
There is Subgraph that is going to keep maintaining 4.9.X LTS branch
with grsec & there is minipli[1] that is going to forward 4.9.X LTS
branch with grsec.
Would be great to join forces to keep 4.9.X LTS alive while porting
features upstream.
1.
On Mon, May 01, 2017 at 01:28:54PM +0300, Andrew Savchenko wrote:
> > The obvious step is indeed to stop further *current* development on
> > hardened-sources.
>
> Why not support hardened-sources while corresponding vanilla
> kernels are still supported? E.g. 4.9 is a longterm branch, so we
>
2017-05-01 13:00 GMT+02:00 Andrew Savchenko :
> Hi,
>
> On Mon, 1 May 2017 12:24:14 +0200 Daniel Cegiełka wrote:
> Are you sure PaX patches will be updated? Because PaXTeam claims
> they will not be published [1]:
(...)
> Or do you suggest to support PaX with our own
Hi,
On Mon, 1 May 2017 12:24:14 +0200 Daniel Cegiełka wrote:
[...]
> Summing up:
>
> * PaX is the most important part of Gentoo Hardened project
> (Grsecurity, SELinux, RSBAC)
>
> * We can't use the 'grsecurity' name, which means that fork of
> grsecurity == rewriting everything with
On Mon, 1 May 2017 09:38:43 + Sven Vermeulen wrote:
> Hi all,
>
> There is a nice debate ongoing on the mailinglist [1] on the topic of
> grsecurity's recent decision to no longer provide the test patches to the
> public. I'd like to keep the debate on the rationale of it in that
>
2017-05-01 11:38 GMT+02:00 Sven Vermeulen :
> Hi all,
>
> There is a nice debate ongoing on the mailinglist [1] on the topic of
> grsecurity's recent decision to no longer provide the test patches to the
> public. I'd like to keep the debate on the rationale of it in that
>