grsecurity forums

Although I haven't installed or tried it yet compiling L4Linux/Fiasco.oc microkernel based OS, what do you think of the security of it? Does grsec work on it? I assume it's obviously needed for the l4linux paravirtualized kernel. But beyond thet paravirtualized kernel environment, in the fiasco.oc OS proper is the security comparable to grsec on the linux/environment?

Monolithic kernels are so last century.

Some more info on L4Linux and Fiasco.oc
L4Linux running on top of the Fiasco.oc (L4) microkernel http://os.inf.tu-dresden.de/L4/LinuxOnL4

The Fiasco.oc microkernel http://os.inf.tu-dresden.de/fiasco

And here is a formally verified secure microkernel http://ertos.org/research/sel4

Last time it was GNU Hurd Why don't you try it out and report back with a writeup about the experience?

-Brad

spender wrote:Last time it was GNU Hurd Why don't you try it out and report back with a writeup about the experience?

-Brad

I will when I have time. I found that you do need grsecurity within the virtualized L4Linux environment.

Furthermore the NOVA microhypervisor seems to be the way to go for a more secure system (pdf file) http://os.inf.tu-dresden.de/papers_ps/steinberg_eurosys2010.pdf
(from this page with good info on those microkernels and microhypervisors http://www.inf.tu-dresden.de/index.php?node_id=1429&ln=en )

The problem is I'm not a security expert (just a novice) so I was wondering if you have an opinion on how secure that approach is?
Within the virtualized L4Linux with grsecurity it should be the same as normal linux with grsecurity but what about the system outside that, i.e. the system running on top of the microkernel?