Re: [gentoo-hardened] Technical repercussions of grsecurity removal

2017-05-02 Thread Alex Efros
Hi! On Tue, May 02, 2017 at 09:58:18PM +0200, Daniel Cegiełka wrote: > This means that any future solution will not be compatible with current > PaX support. It doesn't mean that. That may happen, or not - if someone bothers about compatibility, for example. I also think it makes sense to

Re: [gentoo-hardened] Technical repercussions of grsecurity removal

2017-05-02 Thread Daniel Cegiełka
2017-05-02 19:23 GMT+02:00 "Tóth Attila" : > On Tue, May 2, 2017, at 18:59, Daniel Cegiełka wrote: >>> pax.?mark actually, since the eclass helper is called pax-mark. :) >>> I'd hold off on removing those for at least a few months, though. >>> >> >> If PAX_MPROTECT returns (KSPP?), then ebuil

Re: [gentoo-hardened] HardenedBSD kernel (OT?)

2017-05-02 Thread SK
HardenedBSD really needs developers, I saw lattera wanted to implement RBAC for HardenedBSD: https://github.com/HardenedBSD/HardenedBSD/issues/235 On 05/02/2017 08:06 PM, Javier Juan Martinez Cabezon wrote: > Hi, at first sight hardenedbsd MAC is based on BIBA integrity model, is > not RBAC, is a

Re: [gentoo-hardened] HardenedBSD kernel (OT?)

2017-05-02 Thread Javier Juan Martinez Cabezon
Hi, at first sight the hardenedbsd MAC is based on the BIBA integrity model; it is not RBAC, it is a MAC system like Bell-LaPadula MAC, focused not on confidentiality but on integrity instead (basically the same three rules but inverted). RBAC is much more powerful than MAC and very flexible. On 02/0

Re: [gentoo-hardened] Technical repercussions of grsecurity removal

2017-05-02 Thread Tóth Attila
On Tue, May 2, 2017, at 18:59, Daniel Cegiełka wrote: >> pax.?mark actually, since the eclass helper is called pax-mark. :) >> I'd hold off on removing those for at least a few months, though. >> > > If PAX_MPROTECT returns (KSPP?), then ebuilds will need to be > 'paxmarked' again. Years of w

Re: [gentoo-hardened] HardenedBSD kernel (OT?)

2017-05-02 Thread bryn1u85 .
If I remember correctly, ASLR in hbsd has more bits than grsec. Features of hbsd: http://hardenedbsd.org/content/easy-feature-comparison 2017-05-02 19:16 GMT+02:00 bryn1u85 . : > Test. I'm using hardenedbsd and work great !! Have almost all options which > grsec has. And fully based on BSD license whic

Re: [gentoo-hardened] HardenedBSD kernel (OT?)

2017-05-02 Thread bryn1u85 .
Test. I'm using hardenedbsd and it works great!! It has almost all the options which grsec has. And it is fully based on the BSD license, which is great! Still developing and still new features. 02.05.2017 6:57 PM "wabe" wrote: > Is the kernel of HardenedBSD also concerned by the decision of > grsecurity fo

Re: [gentoo-hardened] HardenedBSD kernel (OT?)

2017-05-02 Thread Daniel Cegiełka
2017-05-02 18:55 GMT+02:00 wabe : > Is the kernel of HardenedBSD also concerned by the decision of > grsecurity folks? No. NetBSD and FreeBSD have their own MPROTECT/ASLR/Segvguard implementation. https://hardenedbsd.org/content/projects > If not, is it possible to use this kernel with > gentoo

Re: [gentoo-hardened] Technical repercussions of grsecurity removal

2017-05-02 Thread Daniel Cegiełka
2017-05-02 18:02 GMT+02:00 Luis Ressel : > On Tue, 2 May 2017 17:56:22 +0200 > Daniel Cegiełka wrote: > >> grep -r -e paxmark -e pax_kernel /usr/portage/ > > pax.?mark actually, since the eclass helper is called pax-mark. :) > I'd hold off on removing those for at least a few months, though. > If

[gentoo-hardened] HardenedBSD kernel (OT?)

2017-05-02 Thread wabe
Is the kernel of HardenedBSD also concerned by the decision of grsecurity folks? If not, is it possible to use this kernel with gentoo (Gentoo/FreeBSD)? -- Regards wabe

Re: [gentoo-hardened] Technical repercussions of grsecurity removal

2017-05-02 Thread Luis Ressel
On Tue, 2 May 2017 17:56:22 +0200 Daniel Cegiełka wrote: > grep -r -e paxmark -e pax_kernel /usr/portage/ pax.?mark actually, since the eclass helper is called pax-mark. :) I'd hold off on removing those for at least a few months, though. Regards, Luis

Re: [gentoo-hardened] Technical repercussions of grsecurity removal

2017-05-02 Thread Daniel Cegiełka
2017-05-02 17:28 GMT+02:00 Luis Ressel : > On Mon, 1 May 2017 09:38:43 + > Sven Vermeulen wrote: > >> The obvious step is indeed to stop further *current* development on >> hardened-sources. I don't know how many additional patchsets are being >> implemented in it (blueness? Zorry?) so I don't

Re: [gentoo-hardened] Technical repercussions of grsecurity removal

2017-05-02 Thread Luis Ressel
On Mon, 1 May 2017 09:38:43 + Sven Vermeulen wrote: > The obvious step is indeed to stop further *current* development on > hardened-sources. I don't know how many additional patchsets are being > implemented in it (blueness? Zorry?) so I don't know if it means that > hardened-sources in tota

Re: [gentoo-hardened] Technical repercussions of grsecurity removal

2017-05-02 Thread Daniel Cegiełka
https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project It closes the topic of our discussion. worth reading: http://openwall.com/lists/kernel-hardening/2017/05/01/5 http://openwall.com/lists/kernel-hardening/2017/05/02/4 this means: * KSPP means that keeping PaX for >4.9 will be diffic