Future of the security features

[anlar]

I have been playing with the Grsecurity (www.grsecurity.org) patches now for a
while and I wouldn't run a server anymore without it. I noticed from the kernel
list archives that the inclusion of features like Pax have been discussed
before and as I have understood, this might be a good time to try to get the
matter hot again.

There are a lot of nice security improving patches for the kernel. Pax against
many of the overflows in software for instance could be one nice day saving
feature. Making such features upstream would not cure the situation alone. I
believe though that it would help generally in making our computing safer.

Just take a look at all the small tweaks and improvements that are available
for
instance in Grsecurity. Whoa. Not bad. Would break some (poorly designed
mostly) software though if forced on. (The only really problematic in my
experience has been the Xfree86 server but even it can be fixed afaik to run
with all the Grsecurity patches.)

The Linux kernel could be tweaked to be one nasty animal (can penguins be
nasty?) guarding the security. Linux based systems could be a lot more secure
with "some light tweaking" and now it is mostly up to the kernel developers.
So, why not?

To remind you, even Windowses are going that way. Including that kind of
features. (No, not yet available. They just recompiled some of their software
with stack protection stuff that is on the newest compilers of theirs.) You
don't want the Linux to be laughed at. :) Heh.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/