Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up(Kernel) hardening: Use PaX or Grsec #2345
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
ag4ve
Sep 30, 2016
I'll preface my liking this idea by saying I've never run PaX on Xen. There
might also be kernel version issues since they only release long-term
support kernel patches (there's a blog post about why - you pay for the
other versions). If neither of those are blockers - I would love to see
this.
On Sep 29, 2016 2:02 PM, "rugk" notifications@github.com wrote:
If you did not know already: You have been featured by Snowden.
🎉 So this issue is about a response by another user:
solation is one thing, memory corruption prevention is another. You might
need PaX/Grsec-based OS, @subgraph https://github.com/subgraph ?https://twitter.com/citypw/status/781497609298989056
So from quickly searching this issue tracker, it seems you do not use any
kernel hardening features. What do you think about adding them?The user also mentions another OS https://subgraph.com/. I think you
can certainly get inspiration from the competition.😄 —
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#2345, or mute the thread
https://github.com/notifications/unsubscribe-auth/ABNnP1BsJwAK3CvpBfgngxS9qpcEHEtbks5qu_1EgaJpZM4KKS7P
.
ag4ve
commented
Sep 30, 2016
|
I'll preface my liking this idea by saying I've never run PaX on Xen. There On Sep 29, 2016 2:02 PM, "rugk" notifications@github.com wrote:
|
andrewdavidwong
added
enhancement
C: kernel
labels
Sep 30, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
mfc
Oct 3, 2016
Member
thanks for opening this issue. for the past year we have tried convincing the subgraph team to work on this (including getting funding for them to do it) by creating subgraph templates for Qubes but they aren't interested. so I think it's worthwhile to track this effort and look elsewhere for potential implementers.
|
thanks for opening this issue. for the past year we have tried convincing the subgraph team to work on this (including getting funding for them to do it) by creating subgraph templates for Qubes but they aren't interested. so I think it's worthwhile to track this effort and look elsewhere for potential implementers. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
mfc
Mar 8, 2017
Member
just to update, the coldkernel team is working on this, see their blogpost and progress:
https://coldhak.ca/blog/2016/12/12/coldkernel-qubes-1.html
https://github.com/coldhakca/coldkernel/issues/35
|
just to update, the coldkernel team is working on this, see their blogpost and progress: https://coldhak.ca/blog/2016/12/12/coldkernel-qubes-1.html |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Sep 10, 2017
Member
Grsec is dead (at least as an open source project), so it doesn't apply anymore.
|
Grsec is dead (at least as an open source project), so it doesn't apply anymore. |
marmarek
closed this
Sep 10, 2017
rugk commentedSep 29, 2016
If you did not know already: You have been featured by Snowden.🎉
So this issue is about a response by another user:
https://twitter.com/citypw/status/781497609298989056
So from quickly searching this issue tracker, it seems you do not use any kernel hardening features. What do you think about adding them?
The user also mentions another OS. I think you can certainly get inspiration from the competition.😄