Topic: security patches break Grsecurity settings

Today I updated some security patches, (deselecting the kernel update as advised by Yuriy), it was down loaded anyhow & broke the security settings. I verified this running paxtest blackhat.

1. Can the settings be reapplied? If possible how?


It seems to me that a major failure of Grsecurity is that every time a kernel patch is applied the settings are broken. The only alternative to patching the kernel is not to & leave a potential vulnerability open to exploit. As I'm new to the subject of unix security I'd appreciate the views of others in this area.

Regards

Re: security patches break Grsecurity settings

Hi,

Well of course if you try to replace the kernel, modules or patch it the magic is gone. GrSecurity closes many more security holes than you would normally expect from a patch that fixes minor bugs. I would suggest if you still want to have the latest kernel to try build it yourself by downloading a kernel from www.kernel.org and patch it with GrSecurity (www.grsecurity.org), an use our configuration. We choose this version of the kernel for NetSecL 3.0 since it runs without issues on both VM and hardware. We can also send you the old files in an archive if you want to revert back to the old kernel.

NetSecL Team