The end of a certain age of grsec
|
It only confirms what I long suspected, the grsec developers care more about personal profit than linux security.
|
What do you guys plan to use instead of grsec?
|
To be honest while I found the idea of a hardened kernel appealing and grsec seemed the best option, but even then the developer attitudes repelled me. In retrospect I guess that was for the best. Now I am interested if either the hardened gentoo or alpine linux communities can continue to move forward.
|
Quote:
Nobody think about it seriously. There is some "barriers" to prevent get in ring 0 like AppArmor or Selinux but they not prevent exploitation and barrier breaks. https://grsecurity.net/compare.php Ring 0 is the basis to think about security in Linux IMHO. Some elements of grsec ideas in recent kernels introduce Kees Cook because protection default kernel is not the best. |
Seems like you are making a case for the commercialisation of the project ...
These things happen. Often. |
Quote:
Some things are ending.Linux too.I hope not but like I see comercial already knows how to fight with community taking everything giving little or nothing. |
fyi: LONG discussion (&more links) here: http://news.ycombinator.com/item?id=14202421
RE: #4: I just 'discovered' AlpineLinux, so I wonder too. Also DevilLinux http://wikipedia.org/wiki/Grsecurity mentions Alpine. |
Quote:
|
I would rather say: thank you for your sixteenth years of well done job for Linux. I wish the best, hope enterprise will be successful, this is good when other see you can earn honestly some money with Linux. For those who really care about security, there is no question pay or not to pay. It is being done what is necessary. All the best. And please do not listen, all those complaining: they are simply jealous.
|
We're all really fortunate that there are so many people who pour years of their lives to developing great software that they provide at no cost at all. But this is a blessing, not a right. The developers are the IP owners of the software they create, and they are free to license it as they choose. It's not "greedy" to do so, but it is rather entitled to demand they provide it free of charge.
My 2 cents, though I expect it is not a very popular viewpoint. |
Quote:
If by "IP" you mean software patents, and if Grsecurity is located in the US where software, algorithms, and business methods are patented, then no, odds are someone else controls many or all of the patents. For that they are not free to license it as they choose. Anyway, here is a blog post at hardenedlinux about why Gresecurity made the licensing change: |
Quote:
|
While its okay for grsec to charge money for their code, its not okay for them to put their customers under threat of retaliation if the code is then shared with someone else.
|
This is a long, sad history, involving the clash of personalities and a considerable degree of bitterness (involving Torvalds, spender and others) leading to the current situation today.
While I can understand PaX/grsec making their patches private, after well over a decade of putting them out for free and being largely undervalued by Torvalds and others [as "security people"], KSPP was probably the final insult, though I have to say that spender's attitude and "we did it first!" approach has been a large contributing factor. As some have commented, this might be the "kick" which will spawn other people/projects to start working on Linux kernel security. Some of the multi-billion dollar corporations who fund, use and profit from the Linux kernel might want to make a start on this or pour in some investment. //edit: http://undeadly.org/cgi?action=artic...20160527203200 This was an article last year when OpenBSD began implementing W^X. If you read the comments you'll see that PaX team jump in immediately to ensure the reader knows they got there first. I have to agree with some of the comments, in that PaX/grsec was never going to make headway in it's current form as it's not really being widely used and not really being implemented correctly in distributions which offer it. Recent events won't really help in it's adoption. |
All times are GMT -5. The time now is 10:20 AM. |