Grsec goes closed source

>grsec goes closed source
>PAX not updated since the middle ages
>Linux kernel getting patches for vulnerabilities every hour and getting more put into it every second thanks to all the retard pajeet developers shitting code into it
I feel like trying to manually patch these CVEs for my old grsec kernel is an exercise in futility. Should I just move to OpenBSD where the developers don't just shove in whatever garbage code gets thrown to them?

Maybe someday this will be secure.

>Should I just move to OpenBSD where the developers don't just shove in whatever garbage code gets thrown to them?
Come over to the BSDs, user. So much more comfier.

Not as much drama either, save for that one time all those gaymergoobers stormed FreeBSD chans because of some liberal fatty that barely contributed code to the project.

>grsec goes closed source
They're literally not allowed to do this. They didn't "go closed source", they're just not distributing source code for free anymore.

>Theo de Raadt not being the KING of drama queens

About half my virtual machines are OpenBSD 6.1 already, the integration with Hyper-V is actually better than what Linux offers.

>They didn't "go closed source"
>they're just not distributing source code for free anymore.
>they'll stop giving you source if you """leak""" it online too
Wow, how open source of them.

Do not use openBSD. aboutthebsds.wordpress.com/2013/01/25/20/

Even worse, the planned kernel self protection project (KSPP) that was tasked with taking the most general grsecurity/pax features and adding them to kernel.org horribly failed when Google pajeets simply cut+paste old grsec patches introducing new bugs.

OpenBSD and any of the BSDs are pretty good as an alternative if you don't want to keep updating software every day. If you follow OpenBSD -stable, you almost never will have to do a security patch and can just wait for the next version of -stable to upgrade, which is every 6 mos like clockwork. If you follow -current you should know what to do if something breaks. Go on libgen.io and get Absolute OpenBSD second version or Absolute FreeBSD

If you must use linux consider using GuixSD (or even NixOS) as you can easily automate all updates in emacs, and it allows for extreme dependency tracking so you can roll back updates if something fails to a previous state. It's like taking snapshots of your system with every upgrade; they don't get mutated, a new system is created beside it.

Won't they fix that stuff later though?

>2013
Many things changed since then, there is sort of a mandatory access control now but it's on by default and requires no knob twiddling from the user.

eh, pipacs and spender have their good reasons for not releasing even free test patches anymore, primarily because nobody gives a shit about kernel security whatsoever on the linux foundation, this is their way of forcing them to do something instead of ignoring it for another 20 years.

>aboutthebsds.wordpress.com/2013/01/25/20/
This again. Just stop fucking posting.

>KSPP
That was a fucking joke, what the fuck was Google thinking? What the fuck do these corporations in general think? Just fucking contract the developers to add it to the kernel, why the fuck would they try to have their software "engineers" do it?

Are you talking about linux-hardened?

Don't forget allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/

>what the fuck was Google thinking?
Sabotage, trying to help their friends at NSA to keep the web less secure

Don't worry, their new frankenstein will introduce new bugs

>eh, pipacs and spender have their good reasons for not releasing even free test patches anymore, primarily because nobody gives a shit about kernel security whatsoever on the linux foundation, this is their way of forcing them to do something instead of ignoring it for another 20 years.
I get their reasoning, but realistically all this does is stop people from having those extra security features. I don't think anyone is going to actually make something that added as much to security as grsec did for Linux now, and it decreased the potential audits from other people using grsec. I lost respect for the grsec devs when they rage banned someone for making fun of an exploitable uint vs int bug in grsec on twitter. They're fucking cocks when it comes to CVEs too.

Part of me really hopes that it won't be fucking garbage, but only the retarded part of me actually thinks they'll make it even remotely (lel) secure.

They are a known collaborator of PRISM

FUCK Fucksia

Hardened Gentoo project had access to grsec/pax test patches but even they don't get them anymore.

>Contract

Jewggle never, ever does this. Everything is always done in house for some reason and they thought they could take one of their generic 'engineers' and just have him magically learn kernel security which took pipacs and spender/deraadt/microsoft 30 years to learn.

Microsoft to their credit starting in the early 2000s started formally verifying large parts of the kernel and all drivers, and they were paying all the top sec outfits like Matasano/Accuvant/iSEC multi millions to review their entire codebase by hand and fuzz the shit out of their kernel. They also use a lot of OpenBSD ideas and apparently collaborate to some extent with each other.

This is what kernel.org should be doing, fixing their shit but everybody on the board is just milking it dry ready to jump to the next thing that comes along

they both are a vast source of internet drama esp on the linux security mailing list though I enjoyed seeing pipacs relentlessly make fun of Google for cut+pasting their work and making it worse.

>Linux kernel getting patches for vulnerabilities every hour
(((citation needed)))

I wanted to discuss this shit on github, but I am asking here.

So there's no alternative to these grsecurity jews on linux?

Is BSD the last safe place left?

Dude, I don't even think people look at code before they shove it into the kernel.
>what is style? is it tasty? - Linux dev
Some of this whitespace (mostly tabs) are spaces. There's stray whitespace scattered throughout the source code and there's no single coherent style (like OpenBSD has thanks to their strict enforcement of their style guide) and it makes it a fucking drag trying to jump through source files.

RSBAC exists
>BSD
don't fall for the meme

>RSBAC+PaX Maintained by m-privacy.

GOTTA LOOK NOW --- THANK YOU GENTOOMAN

The "alternative" is to stack a bunch of sandboxes and virtualization to segregate the shitty kernel security from itself. So using things like SELinux sandboxes, Firejail, KVM to run a new virtual machine every time you want to read a pdf or access browser for something important like banking etc.

There's other operating systems too, like SmartOS (open solaris/illumos) you can use it to run a personal private "cloud" and boot KVM virtualized OSs all day. I used to do this to get access to various developer toolchains, and had emacs just treat it a new server like a mounted local filesystem

You're a retard. You should have a tripcode.

>don't insult pajeet's stinky code - Linux shill
ok.

there's a linux style guide but indeed it is inferior to KNF github.com/torvalds/linux/blob/master/Documentation/process/coding-style.rst as you can automate a lot of things once KNF is in place

You still need a pax license and he may abandon mprotect fork rsbac.org/pipermail/rsbac/2016-August/002735.html

Correction, he did abandon pax MPROTECT fork due to commercial license of new grsecurity (pax is no longer, it was combined into grsec) and RSBAC devs came up with their own different implementation which isn't as good.

So it's either TOMOYO or BSD safe place.

Give it time and anything will be better than PaX, they deserve every shit that will come

you are such a fucking autist, kill yourself

no, RSBAC is still the best choice, but also use AppArmor

same problem exists though, nobody is paying them and they can't afford to work F/T on their version of pax and they don't have nearly the same expertise of pipacs + spender as they immediately gave up on pageexec implementation.

even if they did they'd prob be pissed Samsung and shit are just taking it without paying and all they are left with is angry weebs on their mailing list demanding free support

would you say ultimately all groups need to join forces? By the way, RSBAC team did pretty well even before grsec

Linux board of corporate shills should just sponsor these projects. SELinux is wholly sponsored by NSA still and it was only ever meant to be a proof of concept of what they could do for security but Linux board is just like "oh thanks we'll just use this forever and not do anything else" so NSA was stuck maintaining it even if it is a highly complex piece of shit these days. Nobody at kernel.org cares about security

>that picture
is google's new os written in jquery?

kys

>they're just not distributing source code for free anymore.
Windows distributes source to anyone who pays enough, is Windows open source?

>Google FucksYa

Oh God. It was not a joke after all? this gay abomination is still a thing?

>Nobody at kernel.org cares about security
So Linus Torvalds went on furious rants about various shit time after time, but never cared about such a fundamental thing as security?

yes

he barely posts and hasn't been interviewed in forever.

;*

federal policy required them to create selinux in order to meet requirements to deploy linux back in the day

>tfw OpenBSD
>no access controls
>Firefox can still read my .ssh folder
>no mprotect
>even NetBSD has mprotect
>no veriexec
what the fuck guys.

>Firefox can still read my .ssh folder
chmod 700

Those spaces are probably a result of editing the code through a pipe.

can still read it.
The only protection is to run as other user.

FreeBSD doesn't even have ASLR

openbsd is a horrible desktop os.

What if I want to just browse the web, watch movies, and type documents.

Is Open/FreeBSD capable of doing this?

no

HardenedBSD or NetBSD or bust.

>Google FucksYa

This gayass bullshit must be aborted right now.

And which "federal policy" required Red Hat to leave the NSAware in there for everyone and install it by default?

ITT: people who know way more shit than me

>Already use ZFS
>Read up about bhyve
It's amazing. Why the fuck am I even using Linux?

>C, C++, Dart, Go, Rust, Python

>unironically hating on selinux

AppArmor > Smack > SELinux

SELinux is infinitely more powerful than AppArmor

good luck trying to make a configuration that actually works

not my fault you're a pajeet
if you're too lazy to read the damn documentation or too stupid to apply it to your situation you deserve to be assraped by the fbi for incompetence

>implying
keep defending that piece of shit called selinux

go ahead and chmod -R 777 / while you are at it user

It's really not that hard.

any legitimately good guide?

wiki.gentoo.org/wiki/SELinux

Yes. Install it with xfce and you're set. If you have any questions respond to me in this thread and I can help. I use OpenBSD on my laptop and it's pretty comfy, just shittier battery life and have to run scripts to connect to wifi. But for general use it's fine, only major asspain is Firefox crashes sometimes