Slashdot Mirror

← Back to Stories (view on slashdot.org)

End Of Development For Grsecurity Announced?

Posted by simoniker on from the future-not-so-secure dept.

vrtk writes "I received this minutes ago, from the grsecurity mailing list, also displayed on the official site for the open-source security project: 'Beginning today, May 31, 2004, development of grsecurity will cease. On June 7, the website, forums, mailing list, and CVS will be shut down. Due to a sponsor unexpectedly dropping sponsorship of grsecurity while continually promising payment, I began the summer in debt and had to borrow money from family to pay for food. If none of the companies that depend on grsecurity, some of them being very large, are able to sponsor the project, grsecurity will cease to exist. I am not looking for paypal donations at this point, unless those that donate do so with the recognition that despite their donation, grsecurity may still never be returning.'"

10 of 306 comments (clear)

  1. Additional information by ccTech · · Score: 5, Informative

    I also submitted this story (rejected) and provided various informational links on this issue:

    For a comparison between Grsecurity and SELinux:
    http://www.cs.virginia.edu/~jcg8f/GrsecuritySELi nuxCaseStudy.pdf

    They also document and explain many of the issues facing the LSM project as well:
    http://www.grsecurity.org/lsm.php

    It will be interesting to see how the Gentoo Hardened Project will respond to this as well as they have done a great deal of work with grsecurity and provided some exceptional Grsecurity documentation (for the 1.9.x series).
    http://www.gentoo.org/proj/en/hardened/index.xml
    http://www.gentoo.org/proj/en/hardened/grsecurit y.xml

    It will be sad to see this project fade away, especially for those needing an expressive security RBAC/MAC/PAX system. Grsecurity, combined with PAX, provided a well rounded security system that was sensible, somewhat easy to learn, and easier to administrate thanks to the powerful gradm Learning capability.

  2. the decision not to pay him was no doubt made by.. by Anonymous Coward · · Score: 5, Insightful

    the sort of bastards that make $2500/hour being driven to country clubs to shake hands and joke about 'damned hippies'.

    "What, we don't need to pay him?"

    "Heh, yeah. Damn fool fell for that Open Source crap. He gets what he deserves."

    "Well, Damn Dirty Hippies, etc. Oh, and pass the caviar."

  3. cease to exist? by lawngnome · · Score: 5, Insightful

    how can it cease to exist? isnt open source software forever? (well in some form or another) it may not be regularly updated (or updated at all by the looks of the article) but could still prove useful in the future...

  4. Re:So what? by Atzanteol · · Score: 5, Insightful

    Since the developers went and got all selfish about things like 'eating' and 'clothes'?

    --
    "Ignorance more frequently begets confidence than does knowledge"

    - Charles Darwin
  5. Gentoo Hardened? by djcapelis · · Score: 5, Interesting

    I wonder if the Gentoo Hardened project will continue grsecurity development, they've done a bit of work with it anyways. Gentoo could certainly supply grsecurity with the needed webspace/cvs hosting etc...

    I wonder if that option was looked at before spender decided to give up. Does anyone have ideas on why this couldn't be done? Seems fairly simple to me..

    --
    I touch computers in naughty places
  6. background on grsecurity by Elendur · · Score: 5, Informative

    For those who don't know, grsecurity is a security oriented patch for the Linux kernel. It provides mandatory access controls, strengthens the chroot system call, adds /proc and filesystem protections, allows for kernel level auditing of almost everything, and includes the PaX patch to provide non-executable memory pages and address space layout randomization.

    The MAC part, called RBAC for Role Based Access Controls, is very well done and the best I've seen. Configuration is very easy through a flat file interface. The system enforces that you have certain intelligent configurations set so you can't make simple mistakes destroying your security. It has a learning mode which will automatically give a least access ruleset for the whole system. Amazingly it actually works quite well. Also the learning mode can be turned on for individual roles or subjects making it easy to add a new program to a system with RBAC already running.

    In my opinion grsecurity was the best hope for real security on linux for most people as it provides a comprehensive solution, is easy to set up, and it well engineered.

  7. Insult to injury by PsychoKiller · · Score: 5, Funny

    Not only does he run out of money, he gets a slashdotting too. :(

  8. Re:So what? by AstroDrabb · · Score: 5, Insightful
    You must have the brains of a rat and those who modded this "Insightful" must have equal brain power. Please tell me, what is "Insightful" in
    It sounds like what he wanted was employment. Being able to make a living off of a hobby is a lofty and unrealistic goal.
    Where is the "Insightful" knowledge that I should have gained from this comment? What it comes down to is this was _not_ a hobby for this guy. He worked full time and a few $BIG_COMPANIES promised him $XYZ in payment if he delivered $ABC. He delivered $ABC, and those $BIG_COMPANIES did not deliver $XYZ in payment. Most likely becuase his code was under the GPL and they could use it without his consent or their payments.
    --
    If Tyranny and Oppression come to this land,
    it will be in the guise of fighting a foreign enemy. -James Madison
  9. Re:Additional information (broken links) by pyrrhonist · · Score: 5, Informative
    WTF slashdot??? When I pasted this in, there were no spaces in the links!

    Here, I'll fix it. Your post with clickable links:

    For a comparison between Grsecurity and SELinux: click here

    They also document and explain many of the issues facing the LSM project as well: here

    It will be interesting to see how the Gentoo Hardened Project will respond to this as well as they have done a great deal of work with grsecurity and provided some exceptional Grsecurity documentation (for the 1.9.x series).
    Hardened Gentoo
    Gentoo Grsecurity Guide

    It will be sad to see this project fade away, especially for those needing an expressive security RBAC/MAC/PAX system. Grsecurity, combined with PAX, provided a well rounded security system that was sensible, somewhat easy to learn, and easier to administrate thanks to the powerful gradm Learning capability.

    You might want to use HTML next time. Or you might not.
    --
    Show me on the doll where his noodly appendage touched you.
  10. Re:What is grsecurity? by Richard_L_James · · Score: 5, Informative

    Security focus provided the following good explanation:

    "...Grsecurity is a suite of patches (distributed as a single patch file) for the Linux kernel that are an attempt to improve the security of a Linux system. Grsecurity is based on a port of some previous patches for the Linux 2.2 kernel, including Openwall and PaX, which have never been ported to the 2.4 kernel. Grsecurity provides some updates to these patches and has been ported to the Linux 2.4 kernel..." continue reading SecurityFocus's review.