Re: Support Grsecurity/PaX

Tom Ritter

I'm pretty far from the kernel development community. I know the
generalities we've seen in this threat about different communities
attitudes about mainlining, and I understand that pretty much everyone
is either frustrated with the situation or given up on it.

I just wanted to weigh in add support to the notion that PaX/grsec is
a critical piece of security software, is very highly regarded, and
it's always the first thing we recommend to people when they ask "How
an we harden our systems?" Then they almost never do it. It _has_
been very frustrating over the years that it has not been mainlined,
but I would rather it exist out-of-tree and be made as available as
easily and broadly as possible than not exist at all.

Maybe the answer is going to the distros and making it easy to switch
to a patched kernel to drive adoption, or maybe that's a horrible
idea. I think it would be wonderful if something could be done - but I
don't know what the exact plan could be.


Join to automatically receive all group messages.