Re: thoughts on kernel security issues

From: Valdis . Kletnieks
Date: Wed Jan 19 2005 - 15:44:36 EST

Next message: Ed L Cashin: "Re: [PATCH] AOE: fix up the block device registration so that itactually works now."
Previous message: Horst von Brand: "Re: [ANNOUNCE] Linux-tracecalls, a new tool for Kernel development, released"
In reply to: John Richard Moser: "Re: thoughts on kernel security issues"
Next in thread: John Richard Moser: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 19 Jan 2005 15:12:05 EST, John Richard Moser said:

> > And why were they merged? Because they showed up in 4-8K chunks.

> so you want 90-200 split out patches for GrSecurity?

Even better would be a 30-40 patch train for PaX, a 10-15 patch train
for the other randomization stuff in grsecurity (pid, port number, all
the rest of those), a 50-60 patch train for the RBAC stuff, and so on.

Keep in mind that properly segmented, *parts* of grsecurity have at least
a fighting chance - the fact that (for instance) mainline may reject the
way RBAC is implemented because it's not LSM-based doesn't mean that you
shouldn't at least try to get the PaX stuff in, and the randomization stuff,
and so on.

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Ed L Cashin: "Re: [PATCH] AOE: fix up the block device registration so that itactually works now."
Previous message: Horst von Brand: "Re: [ANNOUNCE] Linux-tracecalls, a new tool for Kernel development, released"
In reply to: John Richard Moser: "Re: thoughts on kernel security issues"
Next in thread: John Richard Moser: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]