grsecurity forums

[Gnea]

For months I have been researching various parts of grsecurity but only over the past week have I gotten the chance to actually implement and deploy it (still haven't done a full deployment, still implementing/learning). I've come to the conclusion that, while difficult, it is not impossible to learn. Probably the biggest issue I've contended with so far regarding ACLs is the fact that the learning method of:

/usr/bin/program l {
}

is great, but for doing many programs at once seems to be the heart of things... some simple shell scripting helps:

yada:~# ps axf | awk '{print $5}' | grep bin | uniq

but it doesn't seem to crack the shell (so to speak). The only thing I've managed to find thus far is a perl script from a system called CylantSecure which utilizes grsecurity. The link to the script is here. It seems to actually work quite nicely, but I wonder if it could be expanded...

[spender]

The learning system in 1.9.x is pretty poor. If you want to see exactly what you wanted, look at 2.0. The learning code in it is simply leaps and bounds above anything else available commercially (and open-sourced, though no one else really is doing anything close to "smart" learning).

-Brad

[Gnea]

Right on, but this is the sort of system that I'd rather not have to recompile every so often for... granted, it's necessary sometimes, but from what I've read 2.0 has its share of bugs so far.. if I had the time I'd give it a shot (and I just might this weekend...) and see where it stands, I just need something that will be stable enough to leave and let run. 1.9 is definately at that level, it has improved a LOT since I first looked at it. Perhaps then my question would be: are 2.0 generated ACLs backward compatible with 1.9? I can simply dive into it later and find out on my own and tweak what I need here and there if things get hairy with 2.0, but anything's good at this point. Thanks and keep up the good work!