What do you think about Grsecurity future ?
56 views
Skip to first unread message
turb...@gmail.com
Jul 5, 2017, 12:02:03 PM7/5/17
to qubes-users
turb...@gmail.com
Jul 5, 2017, 12:52:19 PM7/5/17
to qubes-users, turb...@gmail.com
Also, end of public grsecurity patches
turb...@gmail.com
Jul 5, 2017, 1:05:51 PM7/5/17
to qubes-users, turb...@gmail.com
End of official PaX and grsecurity support in Arch Linux
https://lists.archlinux.org/pipermail/arch-general/2017-April/043604.html
Vincent Adultman
Jul 5, 2017, 3:05:06 PM7/5/17
to qubes...@googlegroups.com
It's a great pity, especially as the coldkernel guys were just starting to get going with something us Qubes users could deploy.
I don't know any of the personalities involved to speak to the wider issues of whether the decision to pull public patches is justified or not, but personally if it's a big enough FU to large corporate rip off merchants of original work and causes them enough problems perhaps it's worth the aggravation to us mere mortals. If it's just about money and whose balls swing the longest...well meh. For some reason (given I don't use his OS or know him) I trust the word of the copperhead guy.
I'm unsure of the impact (if any) on what benefits could have been bought to dom0 had the decision not been taken, but in VM terms, where we rely on qubes provided kernel or distro via pvgrub2 I guess it's business as usual. As I'm using 'their' OS, if ITL didn't deign to include something, I'm generally happy with that decision.
Once action I have taken is to enable tasket's root action prompt [1] for my disposable VM template as a bit of 'hardening' there, although I can see Joanna spitting in my eye from here for supporting that action ;) In my view there is some utility in knowing if something opened in a dispvm is trying to escalate to root...
Reply all
Reply to author
Forward
0 new messages