Results 1 to 9 of 9

Thread: grsecurity in openSUSE?

Hybrid View

  1. #1
    Join Date
    Dec 2008
    Location
    Moscow, Russia
    Posts
    11

    Default grsecurity in openSUSE?

    I did not find a proper forum to ask the question, so I ask it here. Is PaX implemented in openSUSE? Its features are listed here: Address space modification protection

  2. #2

    Default Re: grsecurity in openSUSE?

    Mm not really sure what you mean reading the install instructions you're doing that when you build the kernel. I could well be barking up the wrong tree but looking at the generic kernel-config at grsecurity only mention is in the Grsecurity section, which I doubt is enabled.

    I would thought the easiest way would be zcat /proc/config.gz | grep "Word I want"
    Man first, have a try at Info, have a look at Wiki, if all that fails Scroogle!!!!!
    If I've helped click on the Rep button I don't know what it does but it sounds cool.

  3. #3
    Join Date
    Sep 2008
    Location
    Dubai
    Posts
    1,770

    Default Re: grsecurity in openSUSE?

    I am not sure whether anything is available officially or from the community. gsecurity requires that you patch the kernel with gsecurity patches. Since, you are interested in setting up a server environment, you try patching vanilla kernel with gsecurity patches.

    Most people use AppArmor (may be because it already comes packaged) even though it doesn't have all the features of gsecurity.

  4. #4
    Join Date
    Dec 2008
    Location
    Moscow, Russia
    Posts
    11

    Default Re: grsecurity in openSUSE?

    Thank you for the answers. Now I see there's no grsecurity in openSUSE. I thought that I did not notice it maybe. And it's a pity. Of course, one may apply a patch to the kernel but it would be much better if we had a separate server kernel with all the patches already applied. It is really strange there is one kernel both for desktop and for server in openSUSE.

  5. #5
    Join Date
    Jun 2008
    Location
    Nuernberg
    Posts
    18

    Default Re: grsecurity in openSUSE?

    grsecurity has various features, most interesting of those are already implemented in the mainline kernel.

    - address space randomization - is in the kernel
    - NX protection - is in the kernel
    ... probably stuff I forgot...

    So not really "desperately missing".

    see:
    Security Features - openSUSE

  6. #6
    Join Date
    Dec 2008
    Location
    Moscow, Russia
    Posts
    11

    Default Re: grsecurity in openSUSE?

    Quote Originally Posted by msmeissn View Post
    grsecurity has various features, most interesting of those are already implemented in the mainline kernel.
    - address space randomization - is in the kernel
    - NX protection - is in the kernel
    I have found only CC_STACKPROTECTOR, CC_STACKPROTECTOR_ALL, COMPAT_BRK, SECURITY_DEFAULT_MMAP_MIN_ADDR. Could you please name the other options?

    Quote Originally Posted by msmeissn View Post
    Thank you.

  7. #7
    Conficter NNTP User

    Default Re: grsecurity in openSUSE?

    > It is really strange there is one kernel both for desktop and for server in
    > openSUSE.


    i guess it is because each of us can take the default kernel and
    change it as WE need it...

    perhaps most of us here do not need grsecurity, and can be quite
    happy, and secure with AppArmor, etc?

    therefore i ask you: should all of us be required carry an unneeded
    grsecurtiy OR remove it, so that you (and small minority) don't have
    to add it?

    further, i guess if you opt of SUSE Linux Enterprise Server (SLES) it
    might have a kernel which is not identical to SUSE Linux Enterprise
    Desktop (SLED)...openSUSE being the proving ground for *both* of those
    commercial offerings (by Novell) you should not be surprised that here
    we can get by with a generic kernel which fits most folks--and folks
    like you with other needs are free to compile in what you need....

    if you wish, during the initial install of openSUSE you may opt for a
    server only platform install, i've not done it so i don't know if the
    kernel itself is different, or simply the modules loaded into it..

    --
    Conficter

  8. #8
    Join Date
    Dec 2008
    Location
    Moscow, Russia
    Posts
    11

    Default Re: grsecurity in openSUSE?

    Quote Originally Posted by Conficter View Post
    > It is really strange there is one kernel both for desktop and for server in
    > openSUSE.

    therefore i ask you: should all of us be required carry an unneeded grsecurtiy OR remove it, so that you (and small minority) don't have to add it?
    Of course, not! That is why I think it would be good to have a separate server kernel.

    further, i guess if you opt of SUSE Linux Enterprise Server (SLES) it might have a kernel which is not identical to SUSE Linux Enterprise Desktop (SLED)...openSUSE being the proving ground for *both* of those commercial offerings (by Novell) you should not be surprised that here we can get by with a generic kernel which fits most folks--and folks like you with other needs are free to compile in what you need....
    At home I prefer to have it free of charge.
    if you wish, during the initial install of openSUSE you may opt for a server only platform install, i've not done it so i don't know if the kernel itself is different, or simply the modules loaded into it.
    The kernel is not different. But I have found I am not the only person who wants a different kernel. #305694: Separate Desktop / Server Kernels

  9. #9
    Conficter NNTP User

    Default Re: grsecurity in openSUSE?

    mike934 wrote:
    > The kernel is not different. But I have found I am not the only person
    > who wants a different kernel. '#305694: Separate Desktop / Server
    > Kernels' (https://features.opensuse.org/305694)


    great...perhaps what you wish for will come true!!

    until then you can always compile a perfect for your needs kernel..

    --
    Conficter

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •