Re: [kernel-hardening] It looks like there will be no more public versions of PaX and Grsec.

[Rik van Riel <riel@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 3095 bytes --]

On Tue, 2017-05-02 at 23:16 +0200, Mathias Krause wrote:
> On 2 May 2017 at 02:09, Rik van Riel <riel@redhat.com> wrote:
> > On Tue, 2017-05-02 at 00:01 +0200, Mathias Krause wrote:
> > 
> > > I think the intention of the KSPP is good -- making vanilla Linux
> > > more
> > > secure. But the way it does its work harms overall Linux
> > > security. It
> > > does hurt mine, that's for sure!
> > 
> > Yeah, no.
> 
> Well, yes, it does! Losing access to the grsecurity patch makes the
> systems I do care about much less secure.

Your systems are not necessarily representative of the
overall security of all Linux systems in the world,
though.

> > The grsecurity people produced patches
> > that were used on maybe a few tens of thousands
> > of systems,
> 
> Where did you pull that number from? Out of thin air, I guess. I
> know,
> for sure, there are many more installations.

I have seen a few emails suggesting there are millions
of systems with grsecurity patches around, and I got
the number wrong by several orders of magnitude.

However, that does not invalidate my original point:
the number of grsecurity protected systems is only a tiny
fraction of the entire Linux installed base.

It would be good to get hardening functionality upstream,
in order to get a majority of Linux systems (that get
deployed in the future) hardened out of the box.

> > Those Android devices are more likely to require
> > hardening, too, since they do not receive security
> > updates as quickly as the systems maintained by
> > grsecurity users.
> 
> Why couldn't those devices benefit from grsecurity as well? Couldn't
> google or Samsung just integrate grsecurity into their Android
> kernels? They're far away from vanilla Linux anyway, so why not add
> just another patch to provide some matured security code base to
> protect those billion of Android devices? I'd guess, if a big player
> like google would sponsor / pay grsecurity to provide a patch for the
> relevant Android kernels, all sides would be happy: grsecurity for
> getting wider adoption, Android users for having secured systems.

They could, but the reality is many vendors will not
bother enabling hardening features unless the code is
already there and enabled by default in the upstream
kernel.

> > Integrating hardening into the upstream kernel is
> > a good thing for security, not a bad thing.
> 
> I never said it's a bad thing. Indeed I'm all for making vanilla
> Linux
> more secure. Just how KSPP tries to do it is IMHO wrong. Ripping
> hunks
> out of grsecurity and trying to integrate them into vanilla Linux
> without understanding all the interdependencies or even the features
> themselves, how would that provide security? By chance, maybe. But
> not
> intentional, as that requires having thought of every corner case and
> boundary condition.

How would you do it?

Maintainers integrate code one patch series at a
time. That is not a constraint you can work around,
because code does need to be reviewed.

-- 
All rights reversed

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 473 bytes --]