Slashdot Mirror
End Of Development For Grsecurity Announced?
vrtk writes "I received this minutes ago, from the grsecurity mailing list, also displayed on the official site for the open-source security project: 'Beginning today, May 31, 2004, development of grsecurity will cease. On
June 7, the website, forums, mailing list, and CVS will be shut down. Due to a sponsor unexpectedly dropping sponsorship of grsecurity while
continually promising payment, I began the summer in debt and had to borrow money from family to pay for food. If none of the companies that
depend on grsecurity, some of them being very large, are able to sponsor the project, grsecurity will cease to exist. I am not looking for paypal
donations at this point, unless those that donate do so with the recognition that despite their donation, grsecurity may still never be
returning.'"
I also submitted this story (rejected) and provided various informational links on this issue:
i nuxCaseStudy.pdf
l
t y.xml
For a comparison between Grsecurity and SELinux:
http://www.cs.virginia.edu/~jcg8f/GrsecuritySEL
They also document and explain many of the issues facing the LSM project as well:
http://www.grsecurity.org/lsm.php
It will be interesting to see how the Gentoo Hardened Project will respond to this as well as they have done a great deal of work with grsecurity and provided some exceptional Grsecurity documentation (for the 1.9.x series).
http://www.gentoo.org/proj/en/hardened/index.xm
http://www.gentoo.org/proj/en/hardened/grsecuri
It will be sad to see this project fade away, especially for those needing an expressive security RBAC/MAC/PAX system. Grsecurity, combined with PAX, provided a well rounded security system that was sensible, somewhat easy to learn, and easier to administrate thanks to the powerful gradm Learning capability.
For those who don't know, grsecurity is a security oriented patch for the Linux kernel. It provides mandatory access controls, strengthens the chroot system call, adds /proc and filesystem protections, allows for kernel level auditing of almost everything, and includes the PaX patch to provide non-executable memory pages and address space layout randomization.
The MAC part, called RBAC for Role Based Access Controls, is very well done and the best I've seen. Configuration is very easy through a flat file interface. The system enforces that you have certain intelligent configurations set so you can't make simple mistakes destroying your security. It has a learning mode which will automatically give a least access ruleset for the whole system. Amazingly it actually works quite well. Also the learning mode can be turned on for individual roles or subjects making it easy to add a new program to a system with RBAC already running.
In my opinion grsecurity was the best hope for real security on linux for most people as it provides a comprehensive solution, is easy to set up, and it well engineered.
Read the website - both questions are answered in a short, 1 paragraph bit of text. GPL: >Though grsecurity is licensed under the GPL, I am >the sole developer and originator of ideas for the >project. Though it would be possible for others to >handle maintenance of the project, the quality >won't be held to the same standards and will not >progress with the same goals I have set for the >project. It is GPL licensed, but he doesn't think that it will keep being developed without him. Hosting: >I am not looking for help with hosting, as the >hosting for grsecurity has been provided for free >for over a year and a half and will continue to >be provided unless the project has to end. Sourceforge isn't useful since he already has free hosting.
It's the lameness filter preventing page widening. Just post real (tagged) links, mmkay?
From the link given in the story:
And:
How fucking hard was that? And this guy gets a +5 insightful. [shakes head in disbelief]
SteveM
Here, I'll fix it. Your post with clickable links:
You might want to use HTML next time. Or you might not.Show me on the doll where his noodly appendage touched you.
RTFA. He didn't do that. His sponsor PROMISED to pay him, and didn't deliver on that promise.
Bad companies must be allowed to fail. Else you wind up with Soviet Union-style state supported industries where the industry pretends to pay the workers who pretend to work.
Only it's not just the communists that do something like this. The western countries call that 'subventions' and 'protectionist trade policies'. Sometimes it actually makes sense (strategic products/industries and so on), sometimes it's just to keep the jobs within the country.
Security focus provided the following good explanation:
"...Grsecurity is a suite of patches (distributed as a single patch file) for the Linux kernel that are an attempt to improve the security of a Linux system. Grsecurity is based on a port of some previous patches for the Linux 2.2 kernel, including Openwall and PaX, which have never been ported to the 2.4 kernel. Grsecurity provides some updates to these patches and has been ported to the Linux 2.4 kernel..." continue reading SecurityFocus's review.
I read the 'comparative to LSM/SEL' links posted above, they are hardly complete, and while they may be arguably correct pont for point I couldn't agree with them.
If GRSEC is so good why have I never heard of any fully developed policy models? SE-Linux can run pretty much out of the box on a fully-featured server. I've run it without undue difficulty on 3 different distributions.
Spender and the RSBAC people both like to get up and say tbat LSM is no good. Lots of reasons are given e.g. "it doesn't provide full Bell-LaPadula security assurance" or "parts are patented".
I would counter:
Both grsec and rsbac are piecemeal solutions, pretty much a hodgepodge of admittedly good ideas patching the kernel to implement 'security'. By comparison LSM/SEL are integrated into the mainline kernel now, and the chosen perimiter is a pretty good one for practically improving Unix (Linux) security issues.
The 'Bell-La Padula' argument basically is complaining that SEL isn't setup for MLS (Multi-level-secure) so it must be no fscking good (TM). This of course is neglecting that the *target* audience for MLS computing (CIA, NSA, DOD ...) have given up on it, my understading is that most MLS implementations have been replaced with air-gapped systems to deal with the levels.
Now if the intended users if MLS (class B and A TCSEC evaluated systems) who have very deep pockets indeed have scrapped them who the hell are the targetted users?
As an amusing side story the founder of a distribution based on RSBAC not only had no idea about this when he started the project, he also had no idea what MLS was and had never read word one of the TCSEC. And when he did he was suddenly wondering how to get evaluated (for a certification that's no longer even available).
So basically I think Spender is interested in being *right*, not interested in doing collaborative work and when something better (in the sense of *practical and useful* came along he had little more to do than poke technical holes in it.
So I'm not in the least surprised that he's losing his funding. LSM/SEL is available, works now and is cost-effective to actually use on production servers.
It's the easiest thing in the world to point out that someone else's system design is not perfectly secure. However practical security is more a matter of practice and process than design anyway. And in the final analysis if you're not willing to make something that actually works (and to work with others to achieve that) then you're gonna have a hard time finding customers.
Linux is Linux, if One need clarify their dist: <Dist>/GNU Linux
bsds are of course just BSD
This post by Marius Amodt Eriksen is most insightful.