[ubuntu-hardened] grsecurity

Kees Cook kees at ubuntu.com
Thu Mar 27 17:17:24 GMT 2008


On Thu, Mar 27, 2008 at 05:26:43AM -0700, Jeff Schroeder wrote:
> On Wed, Mar 26, 2008 at 10:08 PM, Daniel Guido <dguido at gmail.com> wrote:
> > As long as I have everyone's attention for a little bit, can we work
> >  on getting a grsecurity kernel build into multiverse? Ubuntu would be
> >  teh win if we had that.
> 
> Not that I'm the right person to ask, but I've heard Ben Collins from
> Canonical echo that it doesn't make sense (from a maintainability
> standpoint) for them to keep adding more kernels. A grsecurity kernel
> should go into Universe but probably won't.
> 
> Did you know that the Security team takes proactive security features
> from other distros and upstream to put into Ubuntu? [1] Also, instead
> of a seperate kernel, they are splitting grsecurity into individual
> patches and slowly integrating those [2]. You are more than welcome to
> create a PPA of your own and upload grsecurity kernels.[3]
> 
> [2] https://wiki.ubuntu.com/HardyServerSecurity

We could really use some help extracting the GRsec patches that are
still useful (much of the functionality has already made it into
upstream through various paths).  I would love to gather a list of all
the features people would like to see so they can get broken out and we
can start sending them to lkml.  I propose starting:

https://wiki.ubuntu.com/SecurityTeam/Roadmap/Grsecurity

and from there, list the features, the CONFIG names, and what it'd take
to extract them for mainline inclusion.

-Kees

-- 
Kees Cook
Ubuntu Security Team



More information about the ubuntu-hardened mailing list