Re: [kernel-hardening] It looks like there will be no more public versions of PaX and Grsec.

[Rik van Riel <riel@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1464 bytes --]

On Wed, 2017-05-03 at 12:50 +0800, Shawn wrote:

> The fragmentation of Android eco-system may be inevitable. The whole
> chains is too long from ASOP/BSP/Vendors and it affect the security
> fix being delivered to the end user. According to my own statistic
> from my customers, there will be more than 7 millions of Android
> phone
> will be using some features of PaX/Grsec this year.

That is great news. I am glad to hear the hardening features
are being used on that many phones.

Of course, given the fragmentation of the eco-system, the
only thing that can get the hardening on all of the (new)
phones in the future will be getting the hardening features
into the upstream kernel.

> btw: I share the same view with Mathias Krause and other ppl who
> really concern the real sense of security. I like KSPP in the 1st
> place. But now I lost PaX/Grsecurity test patch. Who should I blame?

I am not sure anyone deserves blame for this situation.

Spender has been doing what is best for his business,
and his work is an important asset for security-minded
people.

Kees and the other KSPP contributors have been doing what
is best for the community, and wide-spread adoption of
hardening functionality.

The important question to ask is "what do we do now?"

I suspect the answer is upstreaming more and more of the
grsecurity functionality, so nobody needs to carry around
that patch any more.

-- 
All rights reversed

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 473 bytes --]