Page MenuHomePhabricator

grsecurity-installerProject
ActivePublic

Members (2)

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Apr 29 2017

HulaHoop closed T301: make grsecurity kernel, grsecurity-installer work inside Whonix as Invalid.

upstream ceased open development: https://www.grsecurity.net/passing_the_baton_faq.php

Apr 29 2017, 6:20 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B

May 4 2016

Patrick updated the task description for T301: make grsecurity kernel, grsecurity-installer work inside Whonix.
May 4 2016, 9:37 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B

Feb 10 2016

Patrick added a member for grsecurity-installer: HulaHoop.
Feb 10 2016, 7:56 PM

Aug 21 2015

HulaHoop added a comment to T301: make grsecurity kernel, grsecurity-installer work inside Whonix.

Actually the best option is the availability of a Debian grsecurity kernel source package that can be deterministically built. That way the maintenance and update burden is handled upstream and it can be securely installed thru apt with the full protections of grsecurity.

Aug 21 2015, 5:38 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B

Aug 20 2015

Patrick removed a project from T301: make grsecurity kernel, grsecurity-installer work inside Whonix: Whonix 12.
Aug 20 2015, 12:04 AM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B

Aug 18 2015

HulaHoop added a comment to T301: make grsecurity kernel, grsecurity-installer work inside Whonix.

Long term I think its better to have a script to compile and update a grsec kernel than a package in upstream repos because some protections can only be effective if they are unique to the user. A precompiled kernel loses these benefits because the protection values are public and known to everyone including the attacker. Arch has a packaged kernel and they explain the limits:

Aug 18 2015, 9:50 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B

Jun 6 2015

Patrick added a comment to T301: make grsecurity kernel, grsecurity-installer work inside Whonix.

http://www.corsac.net/index.php?post=1575

Jun 6 2015, 5:00 AM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B

May 21 2015

Patrick added a comment to T301: make grsecurity kernel, grsecurity-installer work inside Whonix.

It's also just a compiled kernel. I am that far. Has almost the same TODO as this ticket. Non-minor stuff such as "desktop environment (kdm) currently does not start, needs fixing".

May 21 2015, 4:18 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B

May 20 2015

HulaHoop added a comment to T301: make grsecurity kernel, grsecurity-installer work inside Whonix.

What about the corsac repository listed in:
https://wiki.debian.org/grsecurity

May 20 2015, 6:25 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B
Patrick added a comment to T301: make grsecurity kernel, grsecurity-installer work inside Whonix.

Mempo kernel:

May 20 2015, 3:38 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B
HulaHoop added a comment to T301: make grsecurity kernel, grsecurity-installer work inside Whonix.

What are cons of using the Mempo kernel that's already patched with grsecurity?

May 20 2015, 2:53 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B

May 13 2015

HulaHoop added a comment to T301: make grsecurity kernel, grsecurity-installer work inside Whonix.

A compact list of sane grsec defaults as deployed on gentoo:

May 13 2015, 3:47 AM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B

May 12 2015

Patrick updated subscribers of T301: make grsecurity kernel, grsecurity-installer work inside Whonix.
May 12 2015, 5:26 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B
Patrick updated the task description for T301: make grsecurity kernel, grsecurity-installer work inside Whonix.
May 12 2015, 5:18 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B
Patrick updated the task description for T301: make grsecurity kernel, grsecurity-installer work inside Whonix.
May 12 2015, 5:17 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B
Patrick created T301: make grsecurity kernel, grsecurity-installer work inside Whonix.
May 12 2015, 5:16 PM · bountysource, bounty, grsecurity-installer, Whonix, sponsor-B