2.6 freeze and grsecurity

[John R Moser]

I may have asked this before but I forget.

Is there any plan to impliment grsecurity into the final 2.6 release 
before all the tests are finished and the thing is frozen totally?  I 
think it's worth it.  I did notice seLinux, but as far as I understand 
it, grsecurity is different from seLinux.  As far as I understand, 
seLinux is a lower-than-os ACL system, whereas grsecurity is a security 
vulnerability squelcher; that is, seLinux lets you control who does what, 
whereas grsecurity tries to make sure that broken programs don't 
constitute a security hazzard and evade the system's security 
countermeasures.  That is my understanding of PaX, grsecurity, and 
seLinux in a nutshell.

Due to this "kill the problem at its source" approach to executable 
security bugs, I think that grsec belongs in 2.6's core distribution, if 
possible.  As far as I know, there is no 2.6 patch for grsecurity, but 
I'd at least feel better knowing that Linus (and the other guy, who's 
name escapes me right now) would at least consider allowing grsec to make 
its way to the core distribution of the kernel even if a 2.6 patch 
doesn't make it out until a few revisions in.  The generic security 
increase is something that nobody can really argue with, although other 
issues like the sudden strange inclusion of a whole new section in the 
kernel for a revision may provide the other side of the argument.

GRsec is in no way all-powerful, but I really feel safer with it.

--Bluefox Icy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/