GrSecurity: The Truth About Linux 4.6 [Security]


  • GrSecurity: The Truth About Linux 4.6 [Security]

    Phoronix: GrSecurity: The Truth About Linux 4.6 [Security]

    Brad Spengler, the lead maintainer of GrSecurity, a set of patches to the Linux kernel for providing security enhancements, has written an opinion piece about the Linux 4.6 kernel security...

    http://www.phoronix.com/scan.php?pag...ux-4.6-Article

  • #2
    Wow, are these guys still around? Last I heard they were still angry at losing out to SELinux ten years ago. Not that I think SELinux vs AppArmor was ever a particularly important debate. Surely we can stick to systemd vs initrc, KDE vs Cinnamon vs Gnome, and vi vs emacs.

    FWIW I am: SELinux, systemd, Gnome, emacs.



    • #3
      Originally posted by OneTimeShot
      Wow, are these guys still around? Last I heard they were still angry at losing out to SELinux ten years ago. Not that I think SELinux vs AppArmor was ever a particularly important debate. Surely we can stick to systemd vs initrc, KDE vs Cinnamon vs Gnome, and vi vs emacs.

      FWIW I am: SELinux, systemd, Gnome, emacs.
      Nice trolling there. You don't happen to have any opinion of Java vs C# or Lisp vs Haskell? UTF-8 or UTF-16? BE / LE ? XML or JSON? I need the correct opinions asap.



      • #4
        Originally posted by OneTimeShot
        Wow, are these guys still around? Last I heard they were still angry at losing out to SELinux ten years ago. Not that I think SELinux vs AppArmor was ever a particularly important debate. Surely we can stick to systemd vs initrc, KDE vs Cinnamon vs Gnome, and vi vs emacs.

        FWIW I am: SELinux, systemd, Gnome, emacs.
        Umm... these guys never went anywhere, and both SEL and apparmor accomplish only a tiny bit of what grsec sets out to do.



        • #5
          Some people say "when pigs fly" but I say "when grsec is merged mainline" when I am referring to that which will never happen. And it's a damn shame too, because the stock kernel is a security nightmare.



          • #6
            Originally posted by zanny
            Some people say "when pigs fly" but I say "when grsec is merged mainline" when I am referring to that which will never happen. And it's a damn shame too, because the stock kernel is a security nightmare.
            True, but 'ideal' grsec breaks too many things and comes with a perf penalty. They could mainline most of the changes and be ok though.



            • #7
              GrSecurity? Do you mean the people who got butthurt and banned the bug reporter and all the people that replied to this tweet? https://twitter.com/marcan42/status/724749571495075840



              • #8
                Originally posted by float
                GrSecurity? Do you mean the people who got butthurt and banned the bug reporter and all the people that replied to this tweet? https://twitter.com/marcan42/status/724749571495075840
                That's the thing that pissed me off. I have ZERO opinion on GRSecurity from a technical perspective-- I know it's popular in the Arch and Gentoo camps, but that is basically it. But the way they handled that tweet and bug report was childish, immature, and unprofessional. I HOPE that everyone who was banned from that has since been unbanned, but it should've never happened in the first place. Damage done.
                All opinions are my own not those of my employer if you know who they are.



                • #9
                  Originally posted by SaucyJack

                  True, but 'ideal' grsec breaks too many things and comes with a perf penalty. They could mainline most of the changes and be ok though.
                  Even in their patchset almost everything is tunable; for example, the Arch grsec kernel targets a desktop use case and disables features that cause large performance impact, and a lot of them are even runtime toggleable at the kernel command line.

                  And honestly, which sounds more ridiculous - a fast, insecure kernel by default, or a slower, secure one? Obviously the latter, and then downstreams can "at their own risk" increase performance by reducing hardening.



                  • #10
                    Is it just me, or is there a correlation between shitty personality and good coding skills?
