lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 03 Jan 2009 21:06:16 +0100
From:	Gabor MICSKO <gmicsko@...il.com>
To:	torvalds@...ux-foundation.org, akpm@...ux-foundation.org
Cc:	linux-kernel@...r.kernel.org
Subject: Grsecurity is about to be discontinued, unless...

Hi,

As most of you probably know, a GPL licensed security solution called
grsecurity [1] has been available for the Linux kernel since a while. It
has a rather impressive list of features [2]. The lead developer has
been maintaining patches for the 2.4 and the 2.6 branch for many years.

According to their developers, the patch includes various advanced
security aspects which inspired several further projects [3].

A week ago, the latest - and probably the last - release was published.
The main developer lost its sole sponsor due to the financial crisis, so
the future of the project is in danger. As a result, the future
development of PaX [4], one of the definitive components of grsecurity
is also in deep trouble [5].

In the past, there have been several requests toward the Linux
developers to include grsecurity and PaX in the mainline kernel
[6][7][8], but in vain.

The common opinion of the developers of grsecurity, PaX and their users
is that acceptance of the code into the kernel would be the best
solution for saving the project, beside finding another long-term
sponsor.

Before the project would finally die, I would like to draw your
attention to the question of integration into the kernel again.

In short, I would like to know what is your answer to this request. And
in the case if you see no chance for the integration, I would like to
know what is the reason behind this decision.

[1] http://www.grsecurity.net
[2] http://www.grsecurity.net/features.php
[3] http://grsecurity.net/~spender/grsecurity_pax-influence.png
[4] http://pax.grsecurity.net/
[5] http://www.grsecurity.net/news.php#grsec2112
[6] http://lkml.org/lkml/2003/4/20/13
[7] http://lkml.indiana.edu/hypermail/linux/net/0602.0/0020.html
[8] http://lkml.org/lkml/2005/1/13/184


Thanks and best regards,


-- 
Gabor MICSKO - http://hup.hu

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ