SoylentNews is people

posted by cmn32480 on Monday September 07 2015, @08:31AM
from the the-GPL-is-open-to-interpretation dept.

Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.

In a big red block at the top of their home page is the following warning:

Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement.

And I thought GRSecurity was based on the GPL'd work called "Linux". Guess I was wrong.

  • (Score: 4, Insightful) by ThePhilips on Monday September 07 2015, @10:03AM

    by ThePhilips (5677) on Monday September 07 2015, @10:03AM (#233205)

    But the GPL does promise that you can do what you like with it, without any restriction other than preserving GPL terms. So, it only takes one person to subscribe to their "improvements", and publish them for everyone to use.

    Yes.

    But recall the whole RHEL vs CentOS debacle.

    RedHat sells lots of GPLed components to the RHEL customers. And even though they are GPLed, you would rarely, if ever, find them for free download on the net.

    Personally, I take the view that if their "improvements" to the kernel were uncontroversially beneficial, they would have been absorbed into mainstream code already, so I'm not intending to use them.

    That discussion is more than a decade old.

    GrSecurity patches (and similar) are very intrusive, and generally trade performance for a promise of higher security. It's not just a couple of places patched or a loadable module a-la AppArmor or SELinux. They patch and change lots of code, including the very low-level routines, making the kernel as a whole harder to develop and maintain.

    OTOH, the security people are also not very eager. The fame of merging it into the mainline would fade quickly. While by maintaining their own patchsets, they have something akin to a product, and a service associated with it to sell.