Grsecurity/ PaX Kernel - Anyone want to test?

Discussion in 'all things UNIX' started by Hungry Man, Dec 9, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It works with my Ubuntu 12.10 install with both the FGLRX and OSS ATI GPU Drivers.

    I want to just see how it is on other machines/ if I messed something up.

    edit: Going to work some issues out with it first, then set up a PPA instead. Easier that way.
     
    Last edited: Dec 10, 2012
  2. Umm. Is that signed? Do you have a public key? Not trying to be snarky here, but installing an unverified third-party package from someone's account on a file-sharing website strikes me as exceptionally bad security practice.

    (I know you've got a thing about how security shouldn't rely on the user, but in this case I think it kind of has to.)
     
  3. Hungry Man

    Signing it wouldn't do anything. I could sign malware easily. I could do the same thing with a signed PPA or anything else. I just chose not to use a PPA because it's a pain in the ass to set up.

    I can't really do much but tell you that I didn't do anything 'malicious' with it. Oh and I'll get a hash of it so you can verify it's the same file that I uploaded.

    sha1sum output:
    69283f7806ede892a6553ee216026181b7bc7720
     
    Last edited: Dec 9, 2012
  4. Signing it would at least give reasonable indication that it was in fact you who uploaded it, no?
     
  5. Hungry Man

    The signature would confirm that I myself uploaded it, I suppose. But a SHA hash confirms that the file I've uploaded is the one you've downloaded. I don't see how signing it adds anything, but I'll probably sign the next release anyways.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The digital signature implies trust. And, by trust, it means that if something goes bad, they know who they will be beating up with a bat. :D In theory, anyway. :D

    So, never sign your stuff... :p
     
  7. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,381
    Location:
    West Yorkshire, UK
    Where is the source (GPL license demands the complete source even for build config changes)?
     
  8. Hungry Man

    Weird. So if I change a config in the Linux kernel I have to upload the source? Despite it being entirely unchanged?

    I'll upload it later.

    edit: I'm just going to stop and do this through a PPA once I work out the kinks. It'll make this simpler in the end. Just not interested in dealing with it right now.
     
    Last edited: Dec 10, 2012
  9. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    You're at Wilders, what kind of reaction were you expecting? :D But yeah, about the GPL, sucks but Rhodes is right.
     
  10. Hungry Man

    I would think the only thing necessary to upload would be the config, which is the only modified part. Regardless, I'm taking the link down until I can fix a few things and set up a PPA, which I won't be doing today.
     
    Last edited: Dec 10, 2012
  11. NGRhodes

    No worries, I was not trying to be harsh, was actually thinking from a trust POV, having your config files could be useful.

    Cheers, Nick
     
  12. Hungry Man

    Definitely. Like I'd said in the blog post I was planning on uploading the config at some point but I considered that first kernel more of a test.
     
  13. Can you upload it please? I'd like to test.
     
  14. Hungry Man

    I can have it, and the source, uploaded later today for the 7.1 kernel. It'll be a few hours before I get the chance to upload it.
     
    Last edited: Dec 19, 2012
  15. Hungry Man

    http://www.putlocker.com/file/6E45A2F84D5BBAC7

    That includes the full source of the kernel as well as the compiled binary. Just extract it and install the .deb. Should be optimized with -msse2, assuming I added that to the makefile properly.

    That's a hash for the compressed file and the .deb. That should be more than enough to know that the file I uploaded is the file you've downloaded.

    You should be able to use chpax/paxctl (whichever is the current thing) to disable PaX features on a per program basis, let me know if it doesn't work.

    This is actually a somewhat stripped kernel. If you need file system support outside of EXT4 it probably isn't the best. Forgot that I had customized it for my system. Craaaaaaaaaaaap, I probably have to recompile. Let me know if it doesn't work. If it does I'll wait until 3.7.2 to recompile, at which time I'll include more support.
     
    Last edited: Dec 19, 2012
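
The two checks debated in posts 2 to 5, as an added example that is not part of the thread: a SHA-1 comparison against a posted hash, and a signature check against a public key the tester already holds. openssl RSA signatures stand in here for a GPG or PPA signing key, and the function names (`verify_sha1`, `verify_sig`, `result`, `demo`), files and keys are constructed for the illustration.

```bash
# Added example: openssl RSA stands in for a GPG/PPA key; all data is constructed.

# verify_sha1 FILE EXPECTED: 0 on match, 1 on mismatch, 2 on malformed hash.
verify_sha1() {
    local expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in ''|*[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(sha1sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# verify_sig PUBKEY SIG FILE: 0 only if SIG was made over FILE with PUBKEY's private half.
verify_sig() {
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# Print "pass" or "fail" for a check without tripping `set -e`.
result() { "$@" && echo pass || echo fail; }

demo() {
    local d posted reposted
    d=$(mktemp -d) || return 1
    # Uploader side: key pair, package, posted hash, detached signature.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/priv.pem" 2>/dev/null || return 1
    openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem" || return 1
    printf 'constructed stand-in for the kernel .deb\n' > "$d/kernel.deb"
    posted=$(sha1sum "$d/kernel.deb" | cut -d' ' -f1)
    openssl dgst -sha256 -sign "$d/priv.pem" -out "$d/kernel.sig" "$d/kernel.deb" || return 1

    # Tester side, case 1: the download is the file that was uploaded.
    echo "intact hash=$(result verify_sha1 "$d/kernel.deb" "$posted")" \
         "sig=$(result verify_sig "$d/pub.pem" "$d/kernel.sig" "$d/kernel.deb")"

    # Case 2: the file changed after upload; the posted hash did not.
    printf 'different bytes\n' > "$d/kernel.deb"
    echo "changed hash=$(result verify_sha1 "$d/kernel.deb" "$posted")" \
         "sig=$(result verify_sig "$d/pub.pem" "$d/kernel.sig" "$d/kernel.deb")"

    # Case 3: the hash shown to the tester was recomputed over the changed file
    # (hash and file came from the same place). Only the signature still fails.
    reposted=$(sha1sum "$d/kernel.deb" | cut -d' ' -f1)
    echo "rehashed hash=$(result verify_sha1 "$d/kernel.deb" "$reposted")" \
         "sig=$(result verify_sig "$d/pub.pem" "$d/kernel.sig" "$d/kernel.deb")"
    rm -rf "$d"
}
demo
```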