Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Community's opinion of grsec/pax
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
eidolon.alpha
n00b
n00b


Joined: 09 Nov 2018
Posts: 2

PostPosted: Fri Nov 09, 2018 2:51 pm    Post subject: Community's opinion of grsec/pax Reply with quote

Hi,

I'm building a headless router and am trying to determine if grsec/pax is worth it. I read the Gentoo page on it and it didn't seem like there were concerns about the versioning.. However, I know that the project is now on a paid subscription and the final open-source releases are behind the "official" (paid) ones.

My question is, is grsec or pax really worth using anymore (ie, would you use them if you were building this kind of project system)? If not, what would be the best correlative(s)? I've read several of the "Project:Hardened" articles already, and I'm open to more readings if anyone posts them.

Thanks.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5593

PostPosted: Fri Nov 09, 2018 5:57 pm    Post subject: Reply with quote

Not worth the legal risk, and by all accounts it was snake oil to begin with. Just use hardened and keep your system up to date.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 42592
Location: 56N 3W

PostPosted: Fri Nov 09, 2018 7:02 pm    Post subject: Reply with quote

eidolon.alpha,

Use the hardened profile and gentoo-sources kernel. See the Kernel Self Protection Project
Some features of grsec have made it into the mainline kernel. Some never will.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
eidolon.alpha
n00b
n00b


Joined: 09 Nov 2018
Posts: 2

PostPosted: Fri Nov 09, 2018 7:44 pm    Post subject: Reply with quote

Thanks for the replies. It never seemed very effective, but I thought I'd get some other insights. I'm wondering, from a security standpoint, if Gentoo offers an advantage over openbsd, but I can start a new thread for that if need be.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13509

PostPosted: Sat Nov 10, 2018 12:44 am    Post subject: Reply with quote

Grsecurity had some good ideas, and some that were not so good. If they were still supporting open releases, and you had an environment where untrusted users could substantially influence an application (web server, webapps, shell accounts, etc.), I'd consider using it. Since they aren't open, and your description suggests that untrusted users won't have much ability to influence it, I recommend against trying to use it here.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum