On 01/19/2014 04:06 PM, Kevin Olbrich wrote:
Greetings,

I did not know about grsecurity. Thanks for the hint. After some quick browsing it seemed it works like the Windows code execution protection. I will try to compile the kernel with this patch like you did. Linux is the most secure OS IMHO - distributing this patch in Debian would be great I think (as soon as all apps are compatible).

I just decided to try this out the other day on my Wheezy 7.3 install. It wasn't that painful and I haven't noticed any performance impact or misbehaving (read: broken) programs, at least not yet. Then again, I haven't done real benchmarks.

It appears that this patch is available in the apt repos under the "kernel" section (sensibly enough) as:

linux-patch-grsecurity2

Once it's downloaded, it patches the kernel in an automated fashion and doesn't force a reboot (although I believe you still need one to make it effective, I suppose).

That said, since it's a kernel patch, caveat emptor... your mileage may vary. And maybe some prefer to customize the options for the patch being applied. ;)

Cheers,
Andrew