Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1493683745.2530.2.camel@redhat.com>
Date: Mon, 01 May 2017 20:09:05 -0400
From: Rik van Riel <riel@...hat.com>
To: Mathias Krause <minipli@...glemail.com>, Kees Cook
 <keescook@...omium.org>
Cc: Daniel Cegiełka <daniel.cegielka@...il.com>, 
	"kernel-hardening@...ts.openwall.com"
	 <kernel-hardening@...ts.openwall.com>
Subject: Re: It looks like there will be no more public
 versions of PaX and Grsec.

On Tue, 2017-05-02 at 00:01 +0200, Mathias Krause wrote:

> I think the intention of the KSPP is good -- making vanilla Linux
> more
> secure. But the way it does its work harms overall Linux security. It
> does hurt mine, that's for sure!

Yeah, no. The grsecurity people produced patches
that were used on maybe a few tens of thousands
of systems, while the KSPP code will end up
enhancing the security of over a billion Android
devices.

Those Android devices are more likely to require
hardening, too, since they do not receive security
updates as quickly as the systems maintained by
grsecurity users.

Integrating hardening into the upstream kernel is
a good thing for security, not a bad thing.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.