grsecurity forums

[alan.d]

Dear spender, Pax Team,

I would like to ask, if you also consider private customers, who would be willing to pay for access to the test patch for their own usage only!?
Do you consider all requests submitted by your contact form, or are you only considering companys (as it is a required field)?

Thanks for your great work, sad but to hear about your decision, but it would make me happier if there was still a chance to get individual access for cash.

[Shutterfly]

I join this question. I'm using a grsec kernel on my local machines at home (desktop and home server) and I would keep the great work from you.

[bugmenot]

Seconded! I also sent an e-mail asking for a price, but received no response. I trust spender has been really busy since the transition, but here's hoping for individual access to test patches. His work is indispensable in protecting even desktop computers from zero-day, so I hope he doesn't keep the project limited only to big corporations.

[saironiq]

I, too, would like to continue using the grsecurity test patches on my personal machines.
Please consider at least adding an individual subscription option at reasonable pricing.

[KDE]

I'm using test patches on my home PC. I live in country with low average wage. I can't move to country with higher wages because of barriers.
https://en.wikipedia.org/wiki/List_of_c ... erage_wage
UNECE statistics are realistic for my home country.

[alan.d]

I haven't received any email reply either yet, I can imagine they are really busy atm.

Still hoping they also consider individuals who greatly appreciate their work and would like to support them!

[wayne]

I asked this question too but also never got a reply.....
I really hope you make these available to personal users

[timbgo]

For all of users of grsecurity, the state of ripoff of grsecurity's code seems to have become unbearable, and that is the reason of the current state.
Pls read:
It looks like there will be no more public versions of PaX and Grsec.
On the other hand, spender and PaX Team have, apparently, expecting that the things won't be changing in the ripoff-attitude of the KSPP (Kernal Self Protection Project or so), planned ahead, and they have left the development in a state that is not desperate to take up and continue using instead of the closed project of grsecurity, the unofficial+grsecurity (or that it be renamed differently in the future) for quite some time longer from now.

I am talking about:
https://github.com/minipli/linux-unoffi ... cial_grsec

I have successfully installed it in my Gentoo machine, and also in my Devuan machine (which means in all Debian based/forked distros it will also most likely work).

And 4.9 is a LTS kernel (Long Term Support).

You can read how I did it around:

Technical repercussions of grsecurity removal
https://lists.gt.net/gentoo/hardened/326262#326262

(where my successful install report is actually away from the thread, because of change in subject line):
Unofficial grsec kernel install WAS: Technical repercussions of grsecurity removal
https://lists.gt.net/gentoo/hardened/326281

And also at (and around, I always try to give all the links necessary):

Grsecurity/Pax installation on Devuan GNU/Linux
https://dev1galaxy.org/viewtopic.php?id=596

We have come a long way from the collusion being seen through in the signature of mine... A long way... And the culprit, the Mr Linux, has become even more brazen... That really is how I, and sadly so, see it...

BTW, could somebody try and paste that link:
rootkit hooks in kernel into the Wayback Machine, it would be a great loss to the keeping of truthful historical records, if it were to be lost?

Just, when you peruse the ample reading offering, try and not to forgo:
It looks like there will be no more public versions of PaX and Grsec
http://openwall.com/lists/kernel-harden ... 7/05/04/20

Shawn's collection of links there are an eye-opener, esp. this one
link which, to me, feels like sacrilege:
https://mjg59.dreamwidth.org/39546.html
about Karen Sandler, the executive director of the Software Freedom
Conservancy, by sly means prevented to stand for LF board

Regards!
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Try refute: rootkit hooks in kernel,
linux capabilities for intrusion? (Linus?)

[alan.d]

Reading across many different websites makes me quite sad, as I can see PaX Team spending time explaining trolls and critics the situation they don't want to understand.
Meanwhile there are people who did and do care about their work and would like to explore possibilities to support them in the future, but are ignored, both on the forums and per email requests.

I think at least it could save you Mail traffic if you declare that you do not want to offer patches to private customers.

Your users are not to blame for the disfavour of others

[fly_a320]

I am using grsec for years now on my private machines.

I would be very interested in buying access to the test-patches.

Thanks for the great work!

[bugmenot]

With each consecutive kernel release, since loosing access to grsecurity, I feel extremely vulnerable.
It becomes more and more apparent that upstream linux-kernel doesn't give a darn about security, which is very worrying.

Where do the security conscious go from here? If we can't buy individual access to the test patches, I see no future on Linux.
Perhaps HardenedBSD?

[alan.d]

Obviously they are going trough a lot of pain:
http://openwall.com/lists/kernel-harden ... 7/06/03/14
and I think it's quite understandable they don't mind now about "us" here at this point.

I think, if there are a lot more of "us", we should definitely gather and explore possibilities to support spender and PaX Team somehow.
Even if they will never sell us their products, then at least to say thanks for the past.
Any ideas?

It would be good to know how many people are interested, but I guess spender knows that already by counting email.

Btw. I am now unable to find the donate information on the new home page .

[wayne]

..and still no comment on this. For a long while I have come down on Brad's side in his debates with Linus, I think the work carried out has been a fantastic enhancement to the kernel. But I'm slightly beginning to have second thoughts...maybe what is really needed is for the upstream kernel to be patched properly
Some of the discussion at http://openwall.com/lists/oss-security/2017/06/24/ is worth thinking about. What do others think?

[spender]

Test patches are unlikely to return, and we don't sell access to our beta patches. Unless you can solve the problem of billion dollar corporations exploiting our work and expecting additional free work out of us, the situation won't change. Jake should be replying to all requests, though it is indeed unlikely for someone to buy access for personal use. Google made the choice to engage in underhanded competition against us with our own code -- we're simply protecting our ability to continue our work at all. We gave permission publicly for any supposed offers made to us to be disclosed in public, including any financial terms. None have been posted because they simply don't exist. It is ridiculous how many people feel sympathy for billion dollar corporations that have ignored Linux security for years and still aren't putting any real investment into it. Their failure to do so is somehow our fault for not doing it for them for free out of our free time and letting our own work rot because of it. But it's most rich being told this solely from full-time funded kernel developers.

-Brad