| Main Archive Page > Month Archives > ubuntu-hardened archives |
Re: [ubuntu-hardened] grsecurity
From: Kees Cook <kees_at_nospam>Date: Thu Mar 27 2008 - 17:17:24 GMT
To: jeffschroeder@computer.org, Ubuntu Linux Proactive Security deployment and development <ubuntu-hardened@lists.ubuntu.com>
On Thu, Mar 27, 2008 at 05:26:43AM -0700, Jeff Schroeder wrote:
> On Wed, Mar 26, 2008 at 10:08 PM, Daniel Guido <dguido@gmail.com> wrote:
> > As long as I have everyone's attention for a little bit, can we work
> > on getting a grsecurity kernel build into multiverse? Ubuntu would be
> > teh win if we had that.
>
> Not that I'm the right person to ask, but I've heard Ben Collins from
> Canonical echo that it doesn't make sense (from a maintainability
> standpoint) for them to keep adding more kernels. A grsecurity kernel
> should go into Universe but probably won't.
>
> Did you know that the Security team takes proactive security features
> from other distros and upstream to put into Ubuntu? [1] Also, instead
> of a seperate kernel, they are splitting grsecurity into individual
> patches and slowly integrating those [2]. You are more than welcome to
> create a PPA of your own and upload grsecurity kernels.[3]
>
> [2] https://wiki.ubuntu.com/HardyServerSecurity
We could really use some help extracting the GRsec patches that are still useful (much of the functionality has already made it into upstream through various paths). I would love to gather a list of all the features people would like to see so they can get broken out and we can start sending them to lkml. I propose starting:
https://wiki.ubuntu.com/SecurityTeam/Roadmap/Grsecurity
and from there, list the features, the CONFIG names, and what it'd take to extract them for mainline inclusion.
-Kees -- Kees Cook Ubuntu Security Team -- ubuntu-hardened mailing list ubuntu-hardened@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened