* Future of the security features
@ 2003-10-12 20:26 anlar
2003-10-13 0:37 ` Rik van Riel
0 siblings, 1 reply; 2+ messages in thread
From: anlar @ 2003-10-12 20:26 UTC (permalink / raw)
To: linux-kernel
I have been playing with the Grsecurity (www.grsecurity.org) patches now for a
while and I wouldn't run a server anymore without it. I noticed from the kernel
list archives that the inclusion of features like Pax have been discussed
before and as I have understood, this might be a good time to try to get the
matter hot again.
There are a lot of nice security improving patches for the kernel. Pax against
many of the overflows in software for instance could be one nice day saving
feature. Making such features upstream would not cure the situation alone. I
believe though that it would help generally in making our computing safer.
Just take a look at all the small tweaks and improvements that are available
for
instance in Grsecurity. Whoa. Not bad. Would break some (poorly designed
mostly) software though if forced on. (The only really problematic in my
experience has been the Xfree86 server but even it can be fixed afaik to run
with all the Grsecurity patches.)
The Linux kernel could be tweaked to be one nasty animal (can penguins be
nasty?) guarding the security. Linux based systems could be a lot more secure
with "some light tweaking" and now it is mostly up to the kernel developers.
So, why not?
To remind you, even Windowses are going that way. Including that kind of
features. (No, not yet available. They just recompiled some of their software
with stack protection stuff that is on the newest compilers of theirs.) You
don't want the Linux to be laughed at. :) Heh.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Future of the security features
2003-10-12 20:26 Future of the security features anlar
@ 2003-10-13 0:37 ` Rik van Riel
0 siblings, 0 replies; 2+ messages in thread
From: Rik van Riel @ 2003-10-13 0:37 UTC (permalink / raw)
To: anlar; +Cc: linux-kernel
On Sun, 12 Oct 2003 anlar@hellfish.org wrote:
> The Linux kernel could be tweaked to be one nasty animal (can penguins be
> nasty?) guarding the security. Linux based systems could be a lot more secure
> with "some light tweaking" and now it is mostly up to the kernel developers.
> So, why not?
Maybe it's just me, but I didn't see the grsecurity people
send small mergeable patches to Linus ...
Then again, I wasn't watching well for most of the summer
so maybe they did submit something and I just didn't see it.
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-10-13 0:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-10-12 20:26 Future of the security features anlar
2003-10-13 0:37 ` Rik van Riel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.