
>grsec goes closed source >PAX not updated since the middle


Thread replies: 70
Thread images: 11

File: Capture.png (86KB, 1040x848px)
>grsec goes closed source
>PAX not updated since the middle ages
>Linux kernel getting patches for vulnerabilities every hour and getting more put into it every second thanks to all the retard pajeet developers shitting code into it
I feel like trying to manually patch these CVEs for my old grsec kernel is an exercise in futility. Should I just move to OpenBSD where the developers don't just shove in whatever garbage code gets thrown to them?
>>
File: Capture.png (39KB, 1026x842px)
Maybe someday this will be secure.
>>
>>60552906
>Should I just move to OpenBSD where the developers don't just shove in whatever garbage code gets thrown to them?
Come over to the BSDs, anon. So much more comfier.

Not as much drama either, save for that one time all those gaymergoobers stormed FreeBSD chans because of some liberal fatty that barely contributed code to the project.
>>
>>60552906
>grsec goes closed source
They're literally not allowed to do this. They didn't "go closed source", they're just not distributing source code for free anymore.
>>
>>60553171
>Theo de Raadt not being the KING of drama queens
>>
File: Capture.png (8KB, 697x213px)
>>60553171
About half my virtual machines are OpenBSD 6.1 already, the integration with Hyper-V is actually better than what Linux offers.

>>60553187
>They didn't "go closed source"
>they're just not distributing source code for free anymore.
>they'll stop giving you source if you """leak""" it online too
Wow, how open source of them.
>>
>>60552906
Do not use openBSD. https://aboutthebsds.wordpress.com/2013/01/25/20/
>>
>>60552906
Even worse, the planned kernel self protection project (KSPP) that was tasked with taking the most general grsecurity/pax features and adding them to kernel.org horribly failed when Google pajeets simply cut+paste old grsec patches introducing new bugs.

OpenBSD and any of the BSDs are pretty good as an alternative if you don't want to keep updating software everyday. If you follow OpenBSD -stable, you almost never will have to do a security patch and can just wait for the next version of -stable to upgrade, which is every 6 mos like clockwork. If you follow -current you should know what to do if something breaks. Go on libgen.io and get Absolute OpenBSD second version or Absolute FreeBSD

If you must use linux consider using GuixSD (or even NixOS) as you can easily automate all updates in emacs, and it allows for extreme dependency tracking so you can rollback updates if something fails to a previous state. It's like taking snapshots of your system with every upgrade; they don't get mutated, a new system is created beside it.
>>
>>60553255
Won't they fix that stuff later though?
>>
>>60553236
>2013
Many things changed since then, there is sort of a mandatory access control now but it's on by default and requires no knob twiddling from the user.

>>60553211
eh, pipacs and spender have their good reasons for not releasing even free test patches anymore, primarily because nobody gives a shit about kernel security whatsoever on the linux foundation, this is their way of forcing them to do something instead of ignoring it for another 20 years.
>>
>>60553236
>https://aboutthebsds.wordpress.com/2013/01/25/20/
This again. Just stop fucking posting.

>>60553255
>KSPP
That was a fucking joke, what the fuck was Google thinking? What the fuck do these corporations in general think? Just fucking contract the developers to add it to the kernel, why the fuck would they try to have their software "engineers" do it?
>>
>>60553255
Are you talking about linux-hardened?
>>
File: bsd rationalization.png (93KB, 507x692px)
>>60553236
Don't forget https://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/
>>
>>60553303
>what the fuck was Google thinking?
Sabotage, trying to help their friends at NSA to keep the web less secure

Don't worry, their new frankenstein will introduce new bugs
>>
File: Capture.png (14KB, 1220x78px)
>>60553302
>eh, pipacs and spender have their good reasons for not releasing even free test patches anymore, primarily because nobody gives a shit about kernel security whatsoever on the linux foundation, this is their way of forcing them to do something instead of ignoring it for another 20 years.
I get their reasoning, but realistically all this does is stop people from having those extra security features. I don't think anyone is going to actually make something that added as much to security as grsec did for Linux now, and it decreased the potential audits from other people using grsec. I lost respect for the grsec devs when they rage banned someone for making fun of an exploitable uint vs int bug in grsec on twitter. They're fucking cocks when it comes to CVEs too.

>>60553356
Part of me really hopes that it won't be fucking garbage, but only the retarded part of me actually thinks they'll make it even remotely (lel) secure.
>>
File: Prism.jpg (89KB, 700x525px)
>>60553376
They are a known collaborator of PRISM

FUCK Fucksia
>>
>>60553311
Hardened Gentoo project had access to grsec/pax test patches but even they don't get them anymore.

>>60553303
>Contract

Jewggle never, ever does this. Everything is always done in house for some reason and they thought they could take one of their generic 'engineers' and just have him magically learn kernel security which took pipacs and spender/deraadt/microsoft 30 years to learn.

Microsoft to their credit starting in the early 2000s started formally verifying large parts of the kernel and all drivers, and they were paying all the top sec outfits like Matasano/Accuvant/iSEC multi millions to review their entire codebase by hand and fuzz the shit out of their kernel. They also use a lot of OpenBSD ideas and apparently collaborate to some extent with each other.

This is what kernel.org should be doing, fixing their shit but everybody on the board is just milking it dry ready to jump to the next thing that comes along
>>
>>60553376
they both are a vast source of internet drama esp on the linux security mailing list though I enjoyed seeing pipacs relentlessly make fun of Google for cut+pasting their work and making it worse.
>>
>>60552906
>Linux kernel getting patches for vulnerabilities every hour
(((citation needed)))
>>
I wanted to discuss this shit on github, but I am asking here.

So there's no alternative to these grsecurity jews on linux?

Is BSD the last safe place left?
>>
File: Capture.png (41KB, 1026x842px)
>>60553484
Dude, I don't even think people look at code before they shove it into the kernel.
>what is style? is it tasty? - Linux dev
Some of this whitespace (mostly tabs) are spaces. There's stray whitespace scattered throughout the source code and there's no single coherent style (like OpenBSD has thanks to their strict enforcement of their style guide) and it makes it a fucking drag trying to jump through source files.
>>
>>60553507
RSBAC exists
>BSD
don't fall for the meme
>>
>RSBAC+PaX Maintained by m-privacy.

GOTTA LOOK NOW --- THANK YOU GENTOOMAN
>>
>>60553507
The "alternative" is to stack a bunch of sandboxes and virtualization to segregate the shitty kernel security from itself. So using things like SELinux sandboxes, Firejail, KVM to run a new virtual machine every time you want to read a pdf or access browser for something important like banking etc.

There's other operating systems too, like SmartOS (open solaris/illumos) you can use it to run a personal private "cloud" and boot KVM virtualized OSs all day. I used to do this to get access to various developer toolchains, and had emacs just treat it a new server like a mounted local filesystem
>>
>>60553517
You're a retard. You should have a tripcode.
>>
>>60553567
>don't insult pajeet's stinky code - Linux shill
ok.
>>
>>60553517
there's a linux style guide but indeed it is inferior to KNF https://github.com/torvalds/linux/blob/master/Documentation/process/coding-style.rst as you can automate a lot of things once KNF is in place
>>
>>60553564
You still need a pax license and he may abandon mprotect fork https://www.rsbac.org/pipermail/rsbac/2016-August/002735.html
>>
>>60553663
Correction, he did abandon pax MPROTECT fork due to commercial license of new grsecurity (pax is no longer, it was combined into grsec) and RSBAC devs came up with their own different implementation which isn't as good.
>>
>>60553663

So it's either TOMOYO or BSD safe place.
>>
>>60553715
Give it time and anything will be better than PaX, they deserve every shit that will come
>>
>>60553236
>>60553321
you are such a fucking autist, kill yourself
>>
>>60553718
no, RSBAC is still the best choice, but also use AppArmor
>>
>>60553724
same problem exists though, nobody is paying them and they can't afford to work F/T on their version of pax and they don't have nearly the same expertise of pipacs + spender as they immediately gave up on pageexec implementation.

even if they did they'd prob be pissed Samsung and shit are just taking it without paying and all they are left with is angry weebs on their mailing list demanding free support
>>
>>60553829
would you say ultimately all groups need to join forces? By the way, RSBAC team did pretty well even before grsec
>>
>>60553878
Linux board of corporate shills should just sponsor these projects. SELinux is wholly sponsored by NSA still and it was only ever meant to be a proof of concept of what they could do for security but Linux board is just like "oh thanks we'll just use this forever and not do anything else" so NSA was stuck maintaining it even if it is a highly complex piece of shit these days. Nobody at kernel.org cares about security
>>
>>60553356
>that picture
is google's new os written in jquery?
>>
>>60553236
kys
>>
>>60553187
>they're just not distributing source code for free anymore.
Windows distributes source to anyone who pays enough, is Windows open source?
>>
>>60553356
>Google FucksYa

Oh God. It was not a joke after all? this gay abomination is still a thing?
>>
>>60554410
>Nobody at kernel.org cares about security
So Linus Torvalds went on furious rants about various shit time after time, but never cared about such a fundamental thing as security?
>>
>>60555963
yes
>>
>>60553199
he barely posts and hasn't been interviewed in forever.
>>
>>60555522
;*
>>
>>60554410
federal policy required them to create selinux in order to meet requirements to deploy linux back in the day
>>
>>60552906
>tfw OpenBSD
>no access controls
>Firefox can still read my .ssh folder
>no mprotect
>even NetBSD has mprotect
>no veriexec
what the fuck guys.
>>
>>60560236
> >Firefox can still read my .ssh folder
chmod 700
>>
>>60553586
Those spaces are probably a result of editing the code through a pipe.
>>
>>60560274
can still read it.
The only protection is to run as other user.
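
Added example, not part of the original posts: the `chmod 700` exchange above turns on the fact that Unix permission bits separate users, not programs, so a 0700 directory is still readable by anything running under the owner's UID. The sketch below models that check and confirms it with a child process; `dac_read_allowed`, `same_uid_child_can_read`, `dot_ssh` and `id_demo` are constructed names, and the key file holds constructed sample data.

```python
import os
import stat
import subprocess
import sys
import tempfile

def dac_read_allowed(mode, owner_uid, owner_gid, proc_uid, proc_gids):
    """Classic Unix DAC read check: exactly one permission class is consulted."""
    if proc_uid == 0:
        return True  # root bypasses DAC read checks
    if proc_uid == owner_uid:
        return bool(mode & stat.S_IRUSR)   # owner class only, even if group/other allow more
    if owner_gid in proc_gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def same_uid_child_can_read():
    """Create a 0700 dir holding a 0600 file, then read it from a separate process."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, "dot_ssh")  # constructed stand-in for ~/.ssh
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o700)                 # explicit chmod: mkdir mode is umask-dependent
        key = os.path.join(ssh_dir, "id_demo")
        with open(key, "w") as f:
            f.write("CONSTRUCTED-SAMPLE-KEY\n")
        os.chmod(key, 0o600)
        # The child stands in for any other program launched by the same user.
        reader = "import sys; print(open(sys.argv[1]).read(), end='')"
        child = subprocess.run([sys.executable, "-c", reader, key],
                               capture_output=True, text=True)
        st = os.stat(key)
        predicted = dac_read_allowed(st.st_mode, st.st_uid, st.st_gid,
                                     os.geteuid(), os.getgroups())
        return predicted, child.stdout == "CONSTRUCTED-SAMPLE-KEY\n"

if __name__ == "__main__":
    predicted, observed = same_uid_child_can_read()
    print("model says same-UID read allowed:", predicted)
    print("child process actually read the file:", observed)
    # A different, non-root UID outside the owning group is the case 0600 does stop.
    print("other UID allowed:", dac_read_allowed(0o100600, 1000, 1000, 1001, [1001]))
```

Restricting a program that runs under the same UID takes a different mechanism, such as the separate user account or the MAC and sandbox layers mentioned elsewhere in the thread.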
>>
>>60553255
FreeBSD doesn't even have ASLR
>>
>>60560236
openbsd is a horrible desktop os.
>>
>>60560471
What if I want to just browse the web, watch movies, and type documents.

Is Open/FreeBSD capable of doing this?
>>
File: 20170524_131939.png (62KB, 326x683px)
>>60554455
no
>>
HardenedBSD or NetBSD or bust.
>>
>>60560542
>Google FucksYa

This gayass bullshit must be aborted right now.
>>
>>60558387
And which "federal policy" required Red Hat to leave the NSAware in there for everyone and install it by default?
>>
ITT: people who know way more shit than me
>>
>>60553171
>Already use ZFS
>Read up about bhyve
It's amazing. Why the fuck am I even using Linux?
>>
File: 1385996003072.jpg (25KB, 400x283px)
>>60560542
>C, C++, Dart, Go, Rust, Python
>>
>>60561399
>unironically hating on selinux
>>
>>60562541
AppArmor > Smack > SELinux
>>
>>60562580
SELinux is infinitely more powerful than AppArmor
>>
>>60562607
good luck trying to make a configuration that actually works
>>
>>60562716
not my fault you're a pajeet
if you're too lazy to read the damn documentation or too stupid to apply it to your situation you deserve to be assraped by the fbi for incompetence
>>
>>60562756
>implying
keep defending that piece of shit called selinux
>>
>>60563563
go ahead and chmod -R 777 / while you are at it anon
>>
>>60562716
It's really not that hard.
>>
>>60564527
any legitimately good guide?
>>
>>60564547
https://wiki.gentoo.org/wiki/SELinux
>>
>>60560510
Yes. Install it with xfce and you're set. If you have any questions respond to me in this thread and I can help. I use OpenBSD on my laptop and it's pretty comfy, just shittier battery life and have to run scripts to connect to wifi. But for general use it's fine, only major asspain is Firefox crashes sometimes