GrSecurity: The Truth About Linux 4.6 [Security]
Originally posted by GreatEmerald View Post
Yeah, this all evokes a question of "Et tu, Brute?" Given that they are now withholding security patches for older kernels from the public and thus make Gentoo Hardened use only the latest kernels, this sounds like a really bad case of the kettle calling the pot black.
Originally posted by Ericg View Post
That's the thing that pissed me off. I have ZERO opinion on GRSecurity from a technical perspective-- I knows its popular in the Arch and Gentoo camps, but that is basically it. But the way they handled that tweet and bug report was childish, immature, and unprofessional. I HOPE that everyone who was banned from that has since been unbanned, but it should've never happened in the first place. Damage done.
After that the kid tweeted and spread lies everywhere and made a wrong analysis of the bug (check PaX Team's comment about it). The kid does not know anything about Grsecurity and its components, but he defines himself as a security expert. He enabled all Grsec and PaX functions in the kernel config without any knowledge of them.
One of these functions is a special GCC plugin which catches integer under- and overflows at run time. Due to the behavior of the GCC optimization and poor programming of the kernel there are a lot of false positives which trigger the plugin to alert (the default is a kernel panic(), or there is a pax_size_overflow_report_only kernel parameter to not panic, but he did not know about the latter one). So this component is not for production use, or at least not without a risk analysis before it...
The kid found one of many false positives with this tool and trolled over the internet that there is a high vulnerability in Grsecurity and blamed the team for not doing proper security audits on their patch. After a lot of sensationalist retweets and unmanageable noise the kid was blocked. After that the kid came to the official #grsecurity IRC channel for trolling. He was banned there too, so he hastened to announce his persecution on Twitter with screenshots...
He constantly looked for opportunities to make propaganda of his - not - Very High Vulnerability. He got it. Even The Register made an article about it without asking the Grsecurity developers.
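To make the post's point about the size-overflow plugin concrete, here is an added C example that is not from the thread and not grsecurity's or PaX's code: it models the check the plugin wraps around size arithmetic, with a global flag standing in for the pax_size_overflow_report_only parameter (an assumption about how to model it), and contrasts a genuine wrapping bug with a constructed intentional-wraparound idiom of the kind that shows up as a false positive.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-in for the pax_size_overflow_report_only parameter (assumption:
 * modelled as a plain flag). true = report and carry on; false = treat
 * the event as fatal, mirroring the plugin's default panic(). */
bool report_only = true;
unsigned long overflow_reports = 0;

/* Outcome of one instrumented operation. */
enum result { OK, REPORTED, FATAL };

/* The check the plugin inserts: if the infinite-precision result does
 * not fit the type, count the event and either report it or treat it
 * as fatal. In report-only mode the wrapped value is still handed back,
 * exactly as uninstrumented C would have produced it. */
static enum result on_overflow(bool overflowed)
{
    if (!overflowed)
        return OK;
    overflow_reports++;
    return report_only ? REPORTED : FATAL;
}

/* Genuine bug class: an allocation-size multiply that wraps produces a
 * far smaller buffer than the caller assumes, so a report here is a
 * true positive worth investigating. */
enum result alloc_size(size_t nmemb, size_t elem, size_t *bytes)
{
    return on_overflow(__builtin_mul_overflow(nmemb, elem, bytes));
}

/* Constructed false-positive class (not a specific kernel site): the
 * "last index" of a zero-length range wraps to SIZE_MAX, and callers
 * that treat SIZE_MAX as "empty" are correct, yet the instrumented
 * subtraction reports an underflow. With report_only == false this
 * harmless idiom would take the fatal path. */
enum result last_index(size_t len, size_t *idx)
{
    return on_overflow(__builtin_sub_overflow(len, (size_t)1, idx));
}
```

The same code path is what turns a plugin built for catching real size bugs into a source of panics when it is switched on blindly, which is the risk-analysis point the post makes.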
Originally posted by yoshi314 View Post
correlation, maybe.
unfortunately, many people think that there is bad personality->skill causation.
Sadly, the correlation stems from the idea of human nature judging everything. The people who can give less of a shit about someone else's opinion or can tell them to fuck off (who just so happen to be more assholish than someone who actually cares) are the ones more likely to get things done.
Debian ships a grsecured kernel too; seems like a newish decision, as it is only in jessie backports and sid. https://packages.debian.org/search?k...-image%20grsec
Nice.
->installing NOW.
Last edited by starshipeleven; 16 May 2016, 05:12 AM.
Might even upgrade some of my 3.2.x systems to this! New releases add new security bugs so frequently, that I daren't upgrade, I stick with LTS kernels until they're no longer supported. But, having the benefit of grsecurity would maybe offset the risk.
Originally posted by stevenc View Post
Might even upgrade some of my 3.2.x systems to this! New releases add new security bugs so frequently that I daren't upgrade; I stick with LTS kernels until they're no longer supported. But having the benefit of grsecurity would maybe offset the risk.
Dunno how well kernel 4.4 (the current grsecured one) will run on a Wheezy system.