On Fri, May 12, 2017, at 16:38, Alex Efros wrote:
> Hi!
>
> On Fri, May 12, 2017 at 09:10:43PM +0200, "Tóth Attila" wrote:
> > Please take a look at the reply of PaxTeam posted on the openwall
> > mailing list:
> > http://openwall.com/lists/kernel-hardening/2017/05/11/2
>
> What's for? It's p
Hi!
On Fri, May 12, 2017 at 09:10:43PM +0200, "Tóth Attila" wrote:
> Please take a look at the reply of PaxTeam posted on the openwall
> mailing list:
> http://openwall.com/lists/kernel-hardening/2017/05/11/2
What's for? It's pointless. Only very few people are really interested
(i.e. not jus
On Mon, 8 May 2017, at 23:12, Andrew Savchenko wrote:
> Most likely KSPP project will come up, they are doing a good job:
> bringing security features upstream fixing bugs in PaX code during
> the process [1]. This is what PaX should have done a long time ago,
> they were even offered CII gran
On 170508-22:49+0200, Miroslav Rovis wrote:
> ...
> I'll be back with an ebuild to discuss.
> ...
> On 170508-22:07+0200, Mathias Krause wrote:
> > On 8 May 2017 at 20:08, Miroslav Rovis wrote:
...
> > > Unofficial forward ports of the last publicly available grsecurity patch
> > > https://github.
On Mon, 1 May 2017 13:58:08 + Sven Vermeulen wrote:
> On Mon, May 01, 2017 at 01:28:54PM +0300, Andrew Savchenko wrote:
> > > The obvious step is indeed to stop further *current* development on
> > > hardened-sources.
> >
> > Why not support hardened-sources while corresponding vanilla
> > ker
(thanks also to Luis Ressel for clarifications in the other email)
(I'm only top posting because this reply of mine has no particularities
to place it btwn any lines further below. Otherwise, I don't top post.)
Mathias, I only wish to thank you for the quick reply and the tips
below. And all my h
On 8 May 2017 at 20:08, Miroslav Rovis wrote:
> [...]
> But I saw the other link that gives me some hope:
>
> Unofficial forward ports of the last publicly available grsecurity patch
> https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec
>
> which I cloned into my ma
Hi,
I don't have much to add, but I'd like to clear two misunderstandings
here:
On Mon, 8 May 2017 20:08:07 +0200
Miroslav Rovis wrote:
> And really since late in 2016 no more entries in the Changelog. Pls.
> note that I'm only stating the facts, not complaining.
AFAIK the Changelogs aren't up
On 170502-10:28+0200, Daniel Cegiełka wrote:
> https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project
>
> It closes the topic of our discussion.
>
And I read all the discussion in gentoo-hardened in regard.
First, I'm a user[1], and I'm trying to continue to keep safe and secure
as I used
Hi!
On Tue, May 02, 2017 at 09:58:18PM +0200, Daniel Cegiełka wrote:
> This means that any future solution will not be compatible with current
> PaX support.
It doesn't mean that. That may happen, or not - if someone will bother
about compatibility, for example.
I also think it makes sense to
2017-05-02 19:23 GMT+02:00 "Tóth Attila" :
> On Tue, 2 May 2017, at 18:59, Daniel Cegiełka wrote:
>>> pax.?mark actually, since the eclass helper is called pax-mark. :)
>>> I'd hold off on removing those for at least a few months, though.
>>>
>>
>> If PAX_MPROTECT returns (KSPP?), then ebuil
On Tue, 2 May 2017, at 18:59, Daniel Cegiełka wrote:
>> pax.?mark actually, since the eclass helper is called pax-mark. :)
>> I'd hold off on removing those for at least a few months, though.
>>
>
> If PAX_MPROTECT returns (KSPP?), then ebuilds will need to be
> 'paxmarked' again. Years of w
2017-05-02 18:02 GMT+02:00 Luis Ressel :
> On Tue, 2 May 2017 17:56:22 +0200
> Daniel Cegiełka wrote:
>
>> grep -r -e paxmark -e pax_kernel /usr/portage/
>
> pax.?mark actually, since the eclass helper is called pax-mark. :)
> I'd hold off on removing those for at least a few months, though.
>
If
On Tue, 2 May 2017 17:56:22 +0200
Daniel Cegiełka wrote:
> grep -r -e paxmark -e pax_kernel /usr/portage/
pax.?mark actually, since the eclass helper is called pax-mark. :)
I'd hold off on removing those for at least a few months, though.
Regards,
Luis
2017-05-02 17:28 GMT+02:00 Luis Ressel :
> On Mon, 1 May 2017 09:38:43 +
> Sven Vermeulen wrote:
>
>> The obvious step is indeed to stop further *current* development on
>> hardened-sources. I don't know how many additional patchsets are being
>> implemented in it (blueness? Zorry?) so I don't
On Mon, 1 May 2017 09:38:43 +
Sven Vermeulen wrote:
> The obvious step is indeed to stop further *current* development on
> hardened-sources. I don't know how many additional patchsets are being
> implemented in it (blueness? Zorry?) so I don't know if it means that
> hardened-sources in tota
https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project
It closes the topic of our discussion.
worth reading:
http://openwall.com/lists/kernel-hardening/2017/05/01/5
http://openwall.com/lists/kernel-hardening/2017/05/02/4
this means:
* KSPP means that keeping PaX for >4.9 will be diffic
Shouldn't go to 4.10+, because it will be too much work.
Best would be to maintain 4.9 LTS and not bother with 4.10 and all that.
On 05/01/2017 04:53 PM, Daniel Cegiełka wrote:
> 2017-05-01 16:20 GMT+02:00 SK :
>> There is Subgraph that is going to keep maintaining 4.9.X LTS branch
>> with grsec
2017-05-01 16:20 GMT+02:00 SK :
> There is Subgraph that is going to keep maintaining 4.9.X LTS branch
> with grsec & there is minipli[1] that is going to forward 4.9.X LTS
> branch with grsec.
>
> Would be great to join forces to keep 4.9.X LTS alive while porting
> features upstream.
4.9.* is no
There is Subgraph that is going to keep maintaining 4.9.X LTS branch
with grsec & there is minipli[1] that is going to forward 4.9.X LTS
branch with grsec.
Would be great to join forces to keep 4.9.X LTS alive while porting
features upstream.
1.
https://github.com/minipli/linux-unofficial_grsec/t
On Mon, May 01, 2017 at 01:28:54PM +0300, Andrew Savchenko wrote:
> > The obvious step is indeed to stop further *current* development on
> > hardened-sources.
>
> Why not support hardened-sources while corresponding vanilla
> kernels are still supported? E.g. 4.9 is a longterm branch, so we
> sho
2017-05-01 13:00 GMT+02:00 Andrew Savchenko :
> Hi,
>
> On Mon, 1 May 2017 12:24:14 +0200 Daniel Cegiełka wrote:
> Are you sure PaX patches will be updated? Because PaXTeam claims
> they will not be published [1]:
(...)
> Or do you suggest to support PaX with our own resources?
https://archives
Hi,
On Mon, 1 May 2017 12:24:14 +0200 Daniel Cegiełka wrote:
[...]
> Summing up:
>
> * PaX is the most important part of Gentoo Hardened project
> (Grsecurity, SELinux, RSBAC)
>
> * We can't use the 'grsecurity' name, which means that fork of
> grsecurity == rewriting everything with 'grsecurity
On Mon, 1 May 2017 09:38:43 + Sven Vermeulen wrote:
> Hi all,
>
> There is a nice debate ongoing on the mailinglist [1] on the topic of
> grsecurity's recent decision to no longer provide the test patches to the
> public. I'd like to keep the debate on the rationale of it in that
> discussion,
2017-05-01 11:38 GMT+02:00 Sven Vermeulen :
> Hi all,
>
> There is a nice debate ongoing on the mailinglist [1] on the topic of
> grsecurity's recent decision to no longer provide the test patches to the
> public. I'd like to keep the debate on the rationale of it in that
> discussion, but focus he
On Mon, May 01, 2017 at 09:38:43AM +, Sven Vermeulen wrote:
> From the online discussions I also hear that we shouldn't be referring to
> grsecurity anymore (even when it was still the test patches). This means
> that we need to update our wiki articles, as well as include a note that the
> doc
Hi all,
There is a nice debate ongoing on the mailinglist [1] on the topic of
grsecurity's recent decision to no longer provide the test patches to the
public. I'd like to keep the debate on the rationale of it in that
discussion, but focus here on what we, from Gentoo Hardened, now need to do
or
27 matches