GRSECURITY ABSOLUTELY BTFO LEFT AND RIGHT UPSIDE DOWN INSIDE

Relatively new linux user here. What is the viable alternative(s) for grsecurity? I am asking for personal opinions, I am doing my own research right now.

>>61074008
>>61074077

Grsecurity wrote a set of patches for the Linux kernel years and years ago which hardened it against many common attacks.

They do take an extremely paranoid approach wherein anything that "may" be an exploit is flagged. So with all options turned on, you can find shit like "integer overflow" which has no practical vulnerability, suddenly becomes a DoS, because grsec detects it and kills the kernel.

OP may want to read the actual response on this though:

http://openwall.com/lists/oss-security/2017/06/25/1

It looks a lot more like Linus got BTFO'ed.

does people in FOSS tend to be hostile to each other?
just curious

>>61074385
The Linus-Spender fighting has been going on since about 1998 when grsecurity first said they weren't interested in being mainlined in the kernel.

>>61074008
There is an ongoing effort to implement grsec features in a clean way that can be merged into mainline kernel.

The two main problems with grsec are:
1. Spengler doesn't care if userspace breaks
2. grsec is a huge monolith of a patch

Linus only breaks userspace when it's absolutely necessary and can't be avoided. Grsec doesn't care and most importantly they don't have enough resources to test their patches everywhere, so you can be almost sure something breaks in corner cases.
The second point is that no sane maintainer is going to merge a huge pile of shit of dubious quality. The standard procedure is to send small self-contained patches that are easily verified. Spengler never made any effort to split grsec up into smaller parts, mostly because he wants to do business instead of helping upstream.

>>61074414
Forgot to mention, the effort to reimplement grsec in a clean manner is called KSPP.
Spengler has accused them of ripping grsec off, which is funny considering grsec is GPL licensed.

>>61074293
"* and no, Linus, it's not 'Linux', it's 'GNU + Linux'."

>>61074293
Nobody who ends a post with "don't bother replying because I won't even read it" has ever blown anybody out, ever.

>>61074721
All BTFO's are ended with a mic drop. It's not a BTFO if there's anything left to be said.

>>61072835
Linux is more secure than windows because more people use windows, not because linux is more secure. Linus never focused on security and continually makes fun of anybody who does.

If you want a secure OS, go OpenBSD,

>>61074293
How does that BTFO Linus? He makes it as hard as legally possible to use his patches and then complains when people don't do a very good job at implementing them, he recently threatened so sue the poor motherfuckers that have to sift through his shitty patches because they were infringing on his "copyright".

>>61074932
>Linux is more secure than windows because more people use windows, not because linux is more secure.

So malware prefer to target windows instead of linux.

> that's what i meant

>>61074293
>Linus got BTFO'ed.
[X] DOUBT

>>61074932
>If you want a secure OS, go OpenBSD
stop parroting memes.

>>61074385
Hostility stops corporate shills from gaining a foothold and ruining everything.

File: 1495505127315.jpg (31KB, 702x536px) Image search: [Google]

31KB, 702x536px

>>61074826
how's your first summer on /g/?

>>61076168
But Linus is literally a corporate shill.

>>61074932
How's that 11 years old FBI botnet in your code Theo

>>61076340
>How's that 11 years old FBI botnet in your code Theo
Did anyone ever find it?

>>61074293
>http://openwall.com/lists/oss-security/2017/06/25/1

holio fuck he sure did drope some hot steaming loads on torvalds.

I have no clue why he's so butthurt about muh working for free. He was happy to work on grsecurity for the benefits of the community until the fucking chinese started using his patches to sell commercial products and slapped "grsecurity approved!1111" stamp on every box and haven't donated a single dime.

>>61076340
Wasn't this proven false?

>>61074385
>does people in FOSS tend to be hostile to each other?
Yes, anon. Nobody wants to admit it, but we are in eternal war with extreme, toxic sperglords that don't even deliver good code most of the time and beliebe in common programming myths, SJWs that are rampaging, Web Code Artisans and self-righteous corporate drones demanding features without paying for it in issue trackers.

This is nothing new, Linus has an history of insulting people who are into security and correctness.

He also called the OpenBSD developers masturbating monkeys and told some guy who asked him about the state of driver documentation that he didn't gave a shit.

File: 96753424322.png (2MB, 1652x752px) Image search: [Google]

2MB, 1652x752px

>>61076856

>>61076275
Wrong Linus.

>>61076881
I'm torn. Linus is a moron, but so are the OpenBSD guys.

>>61076551
Yes, but that won't stop that guy from posting 7 year old FUD.

File: 967.jpg (34KB, 494x375px) Image search: [Google]

34KB, 494x375px

>>61074293
dunno what will Linus reply to all that bantz but it will be a sight to behold.

>>61076275
You have to choose your battles, anon. It can't be easy to get cooperation from some of these groups. They all have different ideas and motives. Linus has the patience of a saint when you put things into perspective.

>>61076856
in fairness many security people are masturbating monkeys. It's really common in the security world to chase mathematically-perfect security instead of something that has theoretical vulnerabilities but is secure in practice. It's also common to dismiss all the other messy real-world stuff that mainline Linux is worried about, like performance, not breaking userspace, etc.

>>61072835
Good, they deserve it

>>61074293

>You know, Red Hat produces big monolithic >patches too. Are their kernels
>garbage? Or won't you say that because they >fund you?

LINUS BLOWN THE FUCK OUT

>>61076901
Both Linus are corporate shills.

>>61074008
At the minute, SELinux which is a Mandatory Access Control software. But it is very hard to write/manage policies and the learning curve is very steep.

If you have a vested interest in secure computing experience you should look into OpenBSD.

>>61077467
apparmor is a lot easier to manage, and gets you a large pert (not all) of the benefits that SELinux does.

Also it's worth mentioning that OpenBSD doesn't have any MAC capabilities at all, on orders from Theo.

>>61072835
>grsec pulls patches
>aka the only reason why Linux security wasn't a complete joke
>Linux pulls the ol' salty grapes
Wew.

>>61077585
>faggot pulls GPL'd code because MUH MONEY
>mainline linux tries to implement said patches in a controlled manner
>YOU'RE RIPPING US OFF! YOU'RE STEALING THE CODE WE RELEASED ON A COPYLEFT LICENSE!

Linus should cede the kernel to Lennart already.

We're going to replace it with something of our own eventually - it takes some political maneuvering and time - but it will be easier for everyone if we start deprecating old Linux.

>>61076881
>A successful asshole insulting unsuccessful dipshits.

>>61077553
Yeah I agree, I've used Apparmor a lot in the past. It is perfect for desktop systems but for servers and internet facing machines the policies are just too vague, which is where SELinux shines.

OpenBSD implements Pledge which is effectively upstream security patches. MAC is inherently a poor security system but it's the best we have on systems that don't have Pledge.

>>61077677
Here's your (you)

>>61077872
Freetards can't stop progress. Even Linus admitted the future of Linus wrt systemd.

>>61077872
Fork Linux then. There is no reason to let Red hat assume full and direct control.

>>61077677
Google is already working on a kernel for andoid, under a permissive license that companies love so much. Called Fuscia or something.

File: openbsd.jpg (210KB, 869x1338px) Image search: [Google]

210KB, 869x1338px

>>61072835
>>61074293

lmao, no shit Linux security is a joke, when the only sane people who are working on it get harrased by a corporate shill.

>>61078201
Everytime I see this fucking fish looking at me like this with his piece of shit smug face, I always hate his guts.
What a stupid fucking fish.

>>61077677
Excuse me while I ejaculate all over your daughter's face.

She loves it. Says it tastes better than Daddy.

>>61078134
SystemCancer is progress?
Newspeak detected.

File: Capture.png (7KB, 755x203px) Image search: [Google]

7KB, 755x203px

>>61077626
>>mainline linux tries to implement said patches in a controlled manner
>one Google pajeet implements two (2) feature after 6 years
Let's play find the grsec ports!
Oh wait, I found them all.

>>61076551
OpenMEMEsd can never prove there wasn't one. They don't even have MAC or jails like freebsd has

File: puffy.gif (422KB, 1000x907px) Image search: [Google]

422KB, 1000x907px

>>61078239

File: 1486885364696.jpg (59KB, 330x319px) Image search: [Google]

59KB, 330x319px

>>61074293
HOLY FUCKING SHIT!!!!!

LINUX BTFO
FREETARDS BTFO
OPEN SORES BTRFO!
STALLSHIT BTFO

Brad Spengler is our new lord & savior!

I love it how he just casually drops a MOGTHERFUCKING ZERO DAY and shuts the stupid shithead Linus in the process!

Why is spengler wasting his time making himself look like an idiot?

torvalds has explained exactly what you need to do to get your patches in. no argument is needed. he's just sperging out trying to "prove" that's he's "right".

>>61074293
>Linus shits out a kernel
>forces other people to raise it and provide shelter
>reap all the benefits

That's like the most anti BTFO ever. If you're using Linux you're getting keked by Linus

>>61080268
>Why is spengler wasting his time making himself look like an idiot?
shut the fuck up retard. Linus is the biggest idiot of them all and he got completely BLOWN THE FUCK OUT! Brad exposed his code as fucking shit and even showed a ZERO DAY in Linux kernel.

Linus = committing seppuku as we speak.

>>61080285
>>61080257
>ZERO DAY
It's not a zero day. Learn what a zero day is. Linux security is shit, but that is not a zero day.

>>61072835
>snowflake
>cuck
Do ypu people even realize what those words mean or do you just spout them whenever?

>>61077585
grsec is so secure it can't even be used in production

>>61074293
GPL loses again, MIT/BSD wins again.

ITT: idiots not understanding security or kernels talking about security and kernels; also summer is fucking here and I need a holiday away from this shit

>>61080560
>grsec is only usable by constrained, embedded systems with barely any software
>systems with bloated stupid shit that gets killed by grsec is the most vulnerable
lelnux more like mirite. Name one fucking reason why an application needs to use trampolines. Name one fucking reason why a program would crash because of freed memory being zeroed. Name one fucking reason why a program would actually run to integer overflow and use that to function properly.

>>61077051
No they're not monkeys. Infosys is full of some really down to earth people who are nothing like John nash. Not all security people are psychotic.

>>61080957
Infosec rather

>>61072835
To be fair this is written by a dude that thinks nonroot should be able to install a device.

>>61080989
what device is he talking about, the last rant i remember was SUSE requiring root to connect to wifi, nobody wants to go back to 2000 when mounting cds and usbs required root

>>61081051
It was about adding a printer.

>>61081092
These days you can point your web browser to the printer and upload the document to print it.

>>61080423
that ABSOLUTELY and IRREFUTABLY is a zero-day because it has been 0 days since I first heard of it! SHAME!

>shitting on the creators of state-of-the-art algos to security

I wish this fucker get hit by a train.

>>61081517
>algos

>>61074932
>more people use windows
what are servers

summerfags, I swear...