[ubuntu-hardened] grsecurity
Kees Cook
kees at ubuntu.com
Thu Mar 27 17:17:24 GMT 2008
On Thu, Mar 27, 2008 at 05:26:43AM -0700, Jeff Schroeder wrote:
> On Wed, Mar 26, 2008 at 10:08 PM, Daniel Guido <dguido at gmail.com> wrote:
> > As long as I have everyone's attention for a little bit, can we work
> > on getting a grsecurity kernel build into multiverse? Ubuntu would be
> > teh win if we had that.
>
> Not that I'm the right person to ask, but I've heard Ben Collins from
> Canonical echo that it doesn't make sense (from a maintainability
> standpoint) for them to keep adding more kernels. A grsecurity kernel
> should go into Universe but probably won't.
>
> Did you know that the Security team takes proactive security features
> from other distros and upstream to put into Ubuntu? [1] Also, instead
> of a seperate kernel, they are splitting grsecurity into individual
> patches and slowly integrating those [2]. You are more than welcome to
> create a PPA of your own and upload grsecurity kernels.[3]
>
> [2] https://wiki.ubuntu.com/HardyServerSecurity
We could really use some help extracting the GRsec patches that are
still useful (much of the functionality has already made it into
upstream through various paths). I would love to gather a list of all
the features people would like to see so they can get broken out and we
can start sending them to lkml. I propose starting:
https://wiki.ubuntu.com/SecurityTeam/Roadmap/Grsecurity
and from there, list the features, the CONFIG names, and what it'd take
to extract them for mainline inclusion.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-hardened
mailing list