[ubuntu-hardened] grsecurity vs vsecurity vs breezy
dave at solutionsfirst.com.au
Sun Oct 16 23:11:21 CDT 2005
I have been using grsecurity patched kernels for hoary for a while now.
I have upgraded a new server for a customer to breezy as part of the
build process and find my kernel packages with grsecurity patches no
longer work. The error I get now relate to permission denied problems
with libcrypto etc, which is typical of a glibc without the PT_GNU_STACK
option I think. (from some basic googling, without much in depth
understanding of the code).
Does breezy support grsecurity/pax in any form?
Do I need to use vsecurity instead?
If I can use grsecurity (which I prefer) is there some libc that will work?
I have been bitten with non-grsec enabled systems in the past and I
won't be going with breezy at all if it can't have some sort of hardened
kernel patches. SELinux is a bit much work at present, grsecurity
represents a good drop in fit for our uses, but we just may have to wait
until dapper drake at this stage.
More information about the ubuntu-hardened