Page 1 of 1

Grsecurity + RSBAC??

PostPosted: Sat Oct 22, 2011 11:38 am
by konst
Is this legit? Some guy merged grsecurity (including PaX) and RSBAC.

Link is http://dev.gentoo.org/~blueness
It's from the Gentoo overlay blueness.
I think it's the same guy who maintains the hardened kernel sources for Gentoo.
In past forum messages Brad said RSBAC runs slow but that was a few years ago. Anyone have any experience with it and what can RSBAC offer combined with grsecurity?

Re: Grsecurity + RSBAC??

PostPosted: Sun Oct 23, 2011 6:39 am
by PaX Team
konst wrote:Is this legit? Some guy merged grsecurity (including PaX) and RSBAC.
of course he's 'legit' ;), but where did you see RSBAC on that page at all, let alone it being merged with grsec? (and yes, RSBAC can be used with PaX, i think Amon Ott still maintains such kernels)

Re: Grsecurity + RSBAC??

PostPosted: Sun Oct 23, 2011 9:30 am
by konst
If you look at the Gentoo ebuild it says "Hardened + RSBAC kernel sources (kernel series...

This is the link to the git log of that overlay http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=tree;f=3.0.4;hb=3313223c13c9e85bd430fe2c6f7cab6fae8025ee

Re: Grsecurity + RSBAC??

PostPosted: Fri Nov 18, 2011 1:30 pm
by accela
Hello, there are different ebuilds[1] that use different patchsets [2][3] to install the source for each project. Blueness just used to track both patches together in git.

[1]http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=tree;f=sys-kernel;hb=HEAD
[2]http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/
[3]http://dev.gentoo.org/~blueness/hardened-sources/hardened-rsbac-patches/