Some Links for Newbies on Grsecurity, and the Big Picture

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Some Links for Newbies on Grsecurity, and the Big Picture

Postby timbgo » Mon Jan 06, 2014 2:48 pm

Some Links for Newbies on Grsecurity, and the Big Picture
Finding opinions on the web (reddit is fine, but just skim through this one page, on the other hand, the article which reddit points to is very illustrative, useful and truthful fully only where Pax Team and Spender write, how lonely they are in GNU Linux community!... but that's also some second and third referred links...)... So, finding opinions on the web on Grsecurity/Pax and GNU Linux security like these: ... proach_to/

, which is, some of the nonchalant views, simply people who don't get what it's about, and let's forgo outright liers in their own right and full deployment of trickery and deceit in matters of computing security, such as SELinux circlejerks and whoever made articles like this one: ... hp/3317331
("Linux Gets Security Boost from NSA")

(where NSA was asked to and condescendingly helped Linus and his friends develop, under guise of security, that piece of elaborate spyware with rootkit hooks pronto for their own use, and why would they then mind if true blackhats got those too... that the worst thing in GNU Linux history which SELinux is; stay away from it at all costs! Noo!! NSA wasn't asked and then agreed to help. They pored American taxpayers' and through U.S. of A.'s hegemonic grip on the world, my EU being great helper in the process, world's money, probably, oh it must be, it must be, bribing developers, or intimidating them, or anywhere in between those... the NSA bore themselves that child of their darkest dreams against the bastion of privacy and securiy that GNU Linux potentially is, and is actually, still, in real life, but only in hands of true experts, not common Joe users like you and me, bro! The NSA invented the SELinux and/or made/bribed/bought some GNU Linux developers to make/accomodate/or similarly, the SELinux.)

Legalese speaking, this above is not a factual knowledge of mine. I don't know that. But it must be. And I believe that I am free to connect the dots and think loudly. C'mon, the creators of various flavors of basically world-tap, and not just U.S. of A.'s nation-tap, wouldn't want to have access to your computer just as they have to any Microsoft or Apple installation whichsoever, they wouldn't?! But you, gentle reader, on the other hand, are free to shove your intellect dumb fast up and not connect any dots at all! And forget above all about Edward Snowden's absolutely marvelous and helping, saving leaks. If you really like to, shut your ears and your eyes fast on it!

But I hope you won't. Anyway this is for people who seek the truth. For the newbies who are left in the dark about this most interesting story, most sad on the side of the liers, and shiny story actually, on the side of these two security geniuses who give me and you, common Joe users of GNU Linux, some hope for security, privacy and freedom (no freedom really without privacy, and privacy is provided by security in computing), security which we would be bereft of, with the fake security structures of which SELinux is a prime example, which we would have none of, other then the fake appearances of it, the guise of security, on the outside, and with the hood fasten waterproof for us common Joe users who can't phatom programming.

But where the cogs and wheels underneath are, on us users, there is a whole complex sophistication of programs for intrusions and control, like in Microsoft and Apple and Google, yes, and Google appliances, whichsoever (but pls. read a note further below on Google).

It's an edifying story from the side of Spender and Pax Team, thanks to whom we can still hope for the promised GNU freedom. May the Supreme Intelligence shine on them so they can carry on with ever more forceful spite! To me, it would be the darkest day if anything happened to any of them. I hope the safest and strongest of our Galaxy's control structures wake on them to allow them to work for us, brother user! We depend on them more than you think!

The rootkit hooks of SELinux? I guess lots has evolved into different namings and functionalities, but read here, the basics of the deployment and true under-the-hood purpose of SELinux could have changed only as much as Google's underwater broadband cable's fragile necks for NSA to suck into all the data unencrypted, while Google was selling stories of the safety of people's and companies' data to users and companies (as if Google didn't know, yeah, Google didn't know about NSA sucking into their encrypted traffic wholesale, noooo they didn't, c'mon!). Or only as much as Prism and you name those fancy NSA's beasts have vanished in a blink of an eye.

I don't know, myself, that the Earth revolves around the Sun. Competent people tell me so, and I believe them.

And neither do I, myself, know about the rootkits. But Spender, and I don't think anyone else can claim to be greater expert in GNU Linux security than he in the world of this day, he told us so, and I believe him. Read, and share it with your friends:

That was Spender 2005. Like I said, namings and functionalities only may have evolved in the meantime, not really the purposes. And all must have grown ever more intricate and sophisticated yet...

The frank language that I use here is to be attributed solely to me. I expressed similar strong statements on these issues on, say Gnewsense mailing list, as well as Debian Forums, so it's not up to anyone but me.

I'm not a sycophant, it's just that Spender and Pax Team are my heroes without whom I justt don't think I would have any chance for true freedom and privacy, because there is just no securiy left in Linus's kernel anymore. If I had moneys, I'd pore all on Grsecurity and Pax, but I'm poor, even possibly remotely looking at forclosure on my propery....

I wanted to write more, but this information on Spender from 2005 is absolutely essential for newbies understanding, so this post is sufficient even as this much, for now.

There are other essential things that newbies need to know about Grsecurity, and probably the next one to give a link to, is how Microsoft, basically, stole Grsecurity for their Skype when they aquired it...

======= The current state of my fight for the security of my computers =============
But as I said here: ... 05#p525099
they broke into one of my Gentoo boxes, through Google Android, pls. read there.
I'm still dazed.
I need to ask question about my Java installation on Gentoo Forums, and will report back here. Gentoo Forums is a place with quite boring NSA trolls, so... it's not an easy place to get much done... Depends who I get attention from, because there's sure great people there doing absolutely marvelous Grsecurity/Pax hardening...
In short, it's my lack of attantion, and possibly the attacker being assisted and even given access to by the Regime in my country, can't tell for certain...
And it broke Grsecurity for my disregard/lack of time to check up on Java and Android packages in my Gentoo installation, not the fault of Grsecurity, but mine...
In the stupor of being owned, and malfanction of the broken into system, I forgot to dump the images of the partitions, before restoring them from backup... I only have /var/log/messages somewhere...
Miroslav Rovis
Zagreb, Croatia,
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Return to grsecurity support