[ubuntu-hardened] grsecurity vs vsecurity vs breezy

Dave Kempe dave at solutionsfirst.com.au
Sun Oct 16 23:11:21 CDT 2005

I have been using grsecurity patched kernels for hoary for a while now. 
I have upgraded a new server for a customer to breezy as part of the 
build process and find my kernel packages with grsecurity patches no 
longer work. The error I get now relate to permission denied problems 
with libcrypto etc, which is typical of a glibc without the PT_GNU_STACK 
option I think. (from some basic googling, without much in depth 
understanding of the code).

Does breezy support grsecurity/pax in any form?
Do I need to use vsecurity instead?
If I can use grsecurity (which I prefer) is there some libc that will work?

I have been bitten with non-grsec enabled systems in the past and I 
won't be going with breezy at all if it can't have some sort of hardened 
kernel patches. SELinux is a bit much work at present, grsecurity 
represents a good drop in fit for our uses, but we just may have to wait 
until dapper drake at this stage.



More information about the ubuntu-hardened mailing list