Gentoo Forums
Intel Subsidiary's Violations Made Grsec withdraw Stable?
miroR
l33t


Joined: 05 Mar 2008
Posts: 826

Posted: Sun Oct 25, 2015 11:41 pm    Post subject: Intel Subsidiary's Violations Made Grsec withdraw Stable?

title (since 2015-11-01):
Intel Subsidiary's Violations Made Grsec withdraw Stable?
(the question mark there, following further confirmations or denials, quick link with what I learned so far:
<this same topic>
https://forums.gentoo.org/viewtopic-t-1031476.html#7835446
)
---
previous title:
grsecurity withdrew support for stable; who did it to them?
---
I just read it in the news (I mean:
Code:

# eselect news read

;-) )
Give me the link someone to the page with that info in gentoo.org

EDIT 15-11-01:
and in the meantime:
<this same topic>
https://forums.gentoo.org/viewtopic-t-1031476.html#7835658
EDIT END

, pls (for proper reference:
Code:
# eselect news list
...
 [23] 2015-10-21  Future Support of hardened-sources Kernel

)!

But the more complete story is here:

Important Notice Regarding Public Availability of Stable Patches
https://grsecurity.net/announce.php

and my question is:

which one (and which ones are; but it's one in particular)...

which one(ones) is(are) that billion dollar embedded linux industry that did it to them?

I hate having to see such huge parasites sucking on good healthy body of a company that makes just about the most honest work in FOSS Linux, the grsecurity!

Which one(ones)? They can't say, as their lawyers told them not to, but somebody does know. Do tell the caring public, pls!

Regards!


Last edited by miroR on Sun Nov 01, 2015 1:25 pm; edited 5 times in total
schorsch_76
Guru


Joined: 19 Jun 2012
Posts: 450

Posted: Mon Oct 26, 2015 1:44 am

As far as I know [1][2] it was Windriver Systems but it is just "hearsaying" ....

[1] http://lwn.net/Articles/655721/
[2] http://www.heise.de/open/meldung/Linux-Verfuegbarkeit-der-Grsecurity-Erweiterung-wird-eingeschraenkt-2792474.html
_________________
// valid again: I forgot about the git access. Now 1.2GB big. Start: 2015-06-25
git daily portage tree
Web: https://portage.schorsch-tech.de
git clone https://portage.schorsch-tech.de/portage.git
krinn
Watchman


Joined: 02 May 2003
Posts: 6494

Posted: Mon Oct 26, 2015 4:14 am    Post subject: Re: grsecurity withdrew support for stable; who did it to th

miroR wrote:
I hate having to see such huge parasites sucking on good healthy body of a company that makes just about the most honest work in FOSS Linux, the grsecurity!

From what I see, with their repeated threat put on the project (and its users) itself for money; I think their only goal is money, and I wouldn't be surprised if tomorrow they sold it to the NSA or any other companies offering them big money for it.
What will you think about them then? (if you like to know, myself, nothing, commercial companies do and should aim at doing money, so I wouldn't be surprised, but I'm guessing you will fall from your chair)

Closing the stable tree to anyone will certainly not help security increase; but sure it will help getting more money...
It's not that I like/dislike what they do, but sure you are pretty too fast when you tag them with "most honest work"; like they are the Mother Theresa of security...
miroR
l33t


Joined: 05 Mar 2008
Posts: 826

Posted: Mon Oct 26, 2015 6:23 pm    Post subject: Re: grsecurity withdrew support for stable; who did it to th

krinn wrote:
miroR wrote:
I hate having to see such huge parasites sucking on good healthy body of a company that makes just about the most honest work in FOSS Linux, the grsecurity!

From what I see, with their repeated threat put on the project (and its users) itself for money; I think their only goal is money, and I wouldn't be surprised if tomorrow they sold it to the NSA or any other companies offering them big money for it.
What will you think about them then? (if you like to know, myself, nothing, commercial companies do and should aim at doing money, so I wouldn't be surprised, but I'm guessing you will fall from your chair)

Closing the stable tree to anyone will certainly not help security increase; but sure it will help getting more money...
It's not that I like/dislike what they do, but sure you are pretty too fast when you tag them with "most honest work"; like they are the Mother Theresa of security...

I can see your point, but I don't share your view.

I am certain that they are not profiteers like you would believe.

The benefit that they gave to the world of computing is immense, in comparison to the return that they got... As far as the return, it's the principal liar and chief of the core in all the FOSS OS'es that is to blame: never wanted to relinquish serving the NSA via paving the way for it with the LSM... Just study my signature...

I remember how spender, at one point, pretty distant, and where is that documented now I don't know...

But [I remember how] spender many yrs ago now, decided to quit, and it probably was because of such miserable return that it was poverty threatening his existence.

They are entitled to so much more.

I am not privy about any other circumstances in regard, but just what is anyway in public, and which anyone can find out about.

So I can not speak with factual certainty, that I admit. I am emotional about spender and PaX Team, because I have, and I still do, regard them as heroes of FOSS with all the good that they brought to FOSS...

I think what happened to Richard Matthew Stallman is that betrayal of FOSS values that you talk about, and he did sell in some fashion or another, to, just as you predict, wrongly I am pretty certain, for spender and PaX Team (but without complete logical backup to my certainty, I admit: insufficient insight I have)...

I think what happened to Richard Matthew Stallman is that betrayal ... and he did sell ... to, exactly the NSA: he promotes the SELinux, and that is his moral death of RMS to me...

The sky is falling on me for this sadness that now happened with grsecurity. I am literally despondent and sad because of it....

Not everybody can be virtuous as Socrates or the Catholic Saints, or, say some of the American Forefathers...

Aarghh... I could almost cry...

And to mention how I still dream to teach newbies complete deployment of the grsecurity (once I master most of its angles sufficiently)...

But the very important question is:

Who did it to them? What is the name of that embedded linux billion dollar company?
miroR
l33t


Joined: 05 Mar 2008
Posts: 826

Posted: Sat Oct 31, 2015 7:23 pm

schorsch_76 wrote:
As far as I know [1][2] it was Windriver Systems but it is just "hearsaying" ....

[1] http://lwn.net/Articles/655721/
[2] http://www.heise.de/open/meldung/Linux-Verfuegbarkeit-der-Grsecurity-Erweiterung-wird-eingeschraenkt-2792474.html

schorsch_76, pls. forgive me that I didn't thank you sooner for this one. I'm having a hard time, and also hugely overwhelming work. (Also poor eyesight, and so, all combined, didn't see your reply till now.)
miroR
l33t


Joined: 05 Mar 2008
Posts: 826

Posted: Sat Oct 31, 2015 11:01 pm

Doesn't look like a hearsay...

Find the:

Wind River wrote:

...
Expanded grsecurity packages in the secure kernel
...


in the page which currently contains all of this (pasting a few stretches):

Security Profile and Carrier Grade Profile for Wind River Linux
http://www.windriver.com/announces/security_carrier_grade_profile/

Wind River wrote:

Since 2004, Wind River® has delivered the best of open source technology optimized for embedded development.
...
Security Profile for Wind River Linux

Securing devices has never been more important as tighter security requirements migrate across industries. Security Profile provides detailed system monitoring and forensics and meets Common Criteria to reduce the risk of security breaches. Find out how all devices can be safely connected.
...
Operating System Protection Profile and Validation Tools (OSPP)
General Purpose Operating System Protection Profile (GP-OSPP)
Controlled Access Protection Profile (CAPP)
Labelled Security Protection Profile (LSPP)
Role-Based Access Control Protection Profile (RBAC-PP)
...
Vital Security Capabilities on Top of Open Source Innovation


Open source Yocto Project Linux at the core with a meta-security layer
Expanded grsecurity packages in the secure kernel
Certification-ready platform
Reduced costs and improved operational flexibility across devices
Wind River security expertise, with over 5,000 security vulnerabilities
investigated per year

Is this still correct? That the page shows these lines that you can read above? At this time, November 2015 started in the east of the globe, and just about to be starting in the west?

If you're reading this a few weeks later, still reads openly, with the "grsecurity" word, the trademark of the grsecurity company?

Out in the open?

And in the PDF document:
http://www.intel.com/content/dam/www/public/us/en/documents/guides/wind-river-idp-xt2-programmers-guide.pdf

there is a sub-chapter:
"The grsecurity Tool"

The document is freely available currently:
Code:

c295bf277339dea9bedda9f37bc25b8758cdd2236a63bd1f01996c18c47ed046  wind-river-idp-xt2-programmers-guide.pdf


But this research I did after finding, in the link that schorsch_76 gave, more precisely here:

Grsecurity stable patches to be limited to sponsors
http://lwn.net/Articles/655739/
where it reads:
tz wrote:

Some quotes from the company in question:
> I am a software engineer from Wind River (subsidiary of Intel), we ported GRsecurity patch (GRSecurity 2.9.1 -- 201207080925) into Wind River Linux as our security solution's critical part

> Vital Security Capabilities on Top of Open Source Innovation
> [...]
> - Expanded grsecurity packages in the secure kernel


It must be them. Linux Weekly News would not leave that post unquestioned, that post would, lots of right folks there, get refuted if it were not correct.

It must be them.

Intel, the multi billion dollar company, stealing, well this is morally stealing, yes it is, like that, via its subsidiary Wind River Linux

Regards!
miroR
l33t


Joined: 05 Mar 2008
Posts: 826

Posted: Sun Nov 01, 2015 8:20 am

This issue of degraded availability of grsecurity itches me very badly, because there will be no true security for FOSS Linux where grsecurity can not be deployed, and I care for newbies, and I care for the future of FOSS Linux...

I couldn't stand FOSS Linux becoming a swamp where NSA's SELinux pretends to defend users from intrusions and being owned... the NSA who, when and as they so please, intrude and own most of the users, of all OSes, worldwide.

So let's see when the unavailability of stable grsec-hardened kernels (meaning, I guess hardened-3.20 or such) took effect. (That is when I discovered it; not because I were to use stable, no, I use testing --so the unavailability of stable does not even affect me; but I care for others and for common good--, but because I read 'eselect news' when I update my Gentoo.)

Code:

# eselect news read 23
2015-10-21-future-support-of-hardened-sources-kernel
  Title                     Future Support of hardened-sources Kernel
  Author                    Anthony G. Basile <blueness@gentoo.org>
  Posted                    2015-10-21
  Revision                  3

For many years, the Grsecurity team [1] has been supporting two versions of
their security patches against the Linux kernel, a stable and a testing
version, and Gentoo has made both of these available to our users through the
hardened-sources package.  However, on August 26 of this year, the team
announced they would no longer be making the stable version publicly
available, citing trademark infringement by a major embedded systems company
as the reason. [2]  The stable patches are now only available to sponsors of
Grsecurity and can no longer be distributed in Gentoo.  However, the team did
assure us that they would continue to release and support the testing version
as they have in the past.

What does this means for users of hardened-sources?  Gentoo will continue to
make the testing version available through our hardened-sources package but we
will have to drop support for the 3.x series.  In a few days, those ebuilds
will be removed from the tree and you will be required to upgrade to a 4.x
series kernel.  Since the hardened-sources package only installs the kernel
source tree, you can continue using a currently built 3.x series kernel but
bear in mind that we cannot support you, nor will upstream.  Also keep in mind
that the 4.x series will not be as reliable as the 3.x series was, so
reporting bugs promptly will be even more important.  Gentoo will continue to
work closely with upstream to stay on top of any problems, but be prepared for
the occasional "bad" kernel.  The more reporting we receive from our users,
the better we will be able to decide which hardened-sources kernels to mark
stable and which to drop.

Refs.
[1] https://grsecurity.net
[2] https://grsecurity.net/announce.php

Timestamped '2015-10-21', so it's still recent at the time of this writing, the taking effect in Gentoo.

This post remains with this info only, for easy reference.