libreplanet-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libreplanet-discuss] GNU Sec - Hardened kernel


From: Hanno Böck
Subject: Re: [libreplanet-discuss] GNU Sec - Hardened kernel
Date: Mon, 4 Sep 2017 11:04:52 +0200

On Sun, 03 Sep 2017 12:44:40 +0200
aurelien <address@hidden> wrote:

> The point is that most of free distributions use it to improve
> security for the users.

That is not exactly true. None of the major distributions ever used
grsecurity in their kernels, only some specialized distributions like
Gentoo Hardened.

This was also often criticized: Given that grsecurity was an
out-of-tree effort and only few parts of it were upstreamed it only
provided protection for the few that used their kernel-patch, not the
average user.

> Maybe it should be time to create a GNU Sec project to improve and
> share hardened tools

There already is the kernel self protection project:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Related discussions and patching efforts happen on the kernel-hardening
mailing list:
http://www.openwall.com/lists/kernel-hardening/

Unlike grsecurity their goal is to upstream security features into the
mainline kernel.

Also there have been quite some efforts to find kernel security bugs
via fuzzing, the most notable is the syzkaller tool:
https://github.com/google/syzkaller

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: address@hidden
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42



reply via email to

[Prev in Thread] Current Thread [Next in Thread]