On Sat, 2011-12-31 at 18:19 +0100, Carlos Alberto Lopez Perez wrote: > On 31/12/11 12:24, Laurentiu Pancescu wrote: > > > > I think now only grsecurity is available in Debian, providing similar > > functionality (it does much more than exec-shield, but it's also more > > intrusive - not sure if it's even possible to use SELinux at the same > > time). I don't mean this in a bad way, grsecurity seems to boost kernel > > security quite a bit > > Meanwhile you don't enable the RBAC part of the grsecurity patch you can > use SELinux with the grsecurity patch. > > > grsecurity-RBAC is the grsecurity's alternative to SELinux, which I find > far easier and user-friendly to use than SELinux. Here is a nice to read > paper [1] comparing both grsecurity-RBAC and SELinux. > > > There has been some people pushing for adding a grsecurity featureset > (flavor) to the official Debian kernel. [2] Perhaps some of you would > like to show your support or help pushing for it in order to make it > happen, I definitively would love to see a linux-image-grsecurity in > Debian :) > > > > Regards! > > > > > --------- > [1] http://www.cs.virginia.edu/~jcg8f/SELinux%20grsecurity%20paper.pdf > [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090 > >
I recently had contact with the guy behind cr0.org. He told me that he wasn't very active anymore, but he was planning to work on the 3.1.5 kernel soon. You can check out the repositories at http://debian.cr0.org/ Perhaps he's interested in having his work integrated into Debian? I can contact him tomorrow via email. I don't know the guy personally. But I'm willing to pick this one up. Grsec would be a very easy way to improve the kernel security in Debian. SELinux has a bigger learning curve I guess.
signature.asc
Description: This is a digitally signed message part
