OpenPaX Announced As "Open-Source Alternative To GrSecurity" With Free Kernel Patch

Written by Michael Larabel in Linux Security on 30 October 2024 at 11:00 AM EDT. 21 Comments
LINUX SECURITY
Enterprise security firm Edera today is announcing OpenPaX that they promoted in their advance press notice as a "new open-source alternative to GrSecurity." GrSecurity being the firm focused on providing out-of-tree Linux kernel patches focused in the name of security enhancements. With OpenPaX they are open-source and publicly available kernel patch for mitigating common memory safety errors and other system hardening.

OpenPaX aims to provide better runtime memory safety protections, better hardening systems against application-level memory safety attacks, and related functionality. The OpenPaX code is available under the GPLv2.

OpenPaX badge


Today's press release hitting the wire notes:
"OpenPaX is a Linux kernel patch and alternative to the original PaX patch (now distributed as part of grsecurity) on modern hardware for system administrators who need to provide a layer of defense against memory safety-related vulnerabilities. The Linux kernel community also gains access to an open source hardening patchset and some features of OpenPaX will be upstreamed as appropriate.

The introduction of OpenPaX is good news for Linux distros. Alpine Linux, for example, will return to shipping a PaX-enabled kernel in 3.21 as a technical preview. Further integration will happen in Alpine 3.22."

The OpenPaX kernel code is available via Edera's linux-openpax on GitHub.
21 Comments
Related News
New Linux Patch Lets You Force CPU Bugs/Mitigations Even When Not Vulnerable
Linux To Allow Disabling TPM PCR Integrity Protection Due To Performance Bottleneck
Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS
Landlock Sandboxing Now Supports More Controls Around Unix Sockets
Linux 6.12 Adds Build Options For Greater Control Over CPU Security Mitigations
Linux 6.12 Landing Integrity Policy Enforcement "IPE" Module
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Rustls Multi-Threaded Performance Is Battering OpenSSL
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features