Date: Tue, 2 May 2017 23:16:14 +0200
From: Mathias Krause <minipli@...glemail.com>
To: Rik van Riel <riel@...hat.com>
Cc: Kees Cook <keescook@...omium.org>, Daniel Cegiełka <daniel.cegielka@...il.com>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: It looks like there will be no more public
 versions of PaX and Grsec.

On 2 May 2017 at 02:09, Rik van Riel <riel@...hat.com> wrote:
> On Tue, 2017-05-02 at 00:01 +0200, Mathias Krause wrote:
>
>> I think the intention of the KSPP is good -- making vanilla Linux
>> more secure. But the way it does its work harms overall Linux
>> security. It does hurt mine, that's for sure!
>
> Yeah, no.

Well, yes, it does! Losing access to the grsecurity patch makes the
systems I do care about much less secure.

> The grsecurity people produced patches
> that were used on maybe a few tens of thousands
> of systems,

Where did you pull that number from? Out of thin air, I guess. I know,
for sure, there are many more installations.

> while the KSPP code will end up
> enhancing the security of over a billion Android
> devices.

Or making them easier to DoS because features like VMAP_STACK and
HARDENED_USERCOPY will likely fail hard when hitting a vendor's driver
code base. Probably making them disable the problematic config
options. Even upstream still has to fix related fallout.

> Those Android devices are more likely to require
> hardening, too, since they do not receive security
> updates as quickly as the systems maintained by
> grsecurity users.

Why couldn't those devices benefit from grsecurity as well? Couldn't
Google or Samsung just integrate grsecurity into their Android
kernels? They're far away from vanilla Linux anyway, so why not add
just another patch to provide some matured security code base to
protect those billion Android devices? I'd guess, if a big player
like Google would sponsor / pay grsecurity to provide a patch for the
relevant Android kernels, all sides would be happy: grsecurity for
getting wider adoption, Android users for having secured systems.

> Integrating hardening into the upstream kernel is
> a good thing for security, not a bad thing.

I never said it's a bad thing. Indeed I'm all for making vanilla Linux
more secure. Just how KSPP tries to do it is IMHO wrong. Ripping hunks
out of grsecurity and trying to integrate them into vanilla Linux
without understanding all the interdependencies or even the features
themselves, how would that provide security? By chance, maybe. But not
intentionally, as that requires having thought of every corner case and
boundary condition.


Regards,
Mathias
