Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.
In a big red block at the top of their home page is the following warning:
Important Notice Regarding Public Availability of Stable Patches
Due to continued violations by several companies in the embedded industry of grsecurity®'s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public. For more information, read the full announcement.
And I thought GRSecurity was based on the GPL'd work called "Linux". Guess I was wrong.
(Score: 4, Insightful) by ThePhilips on Monday September 07 2015, @10:03AM
But the GPL does promise that you can do what you like with it, without any restriction other than preserving GPL terms. So, it only takes one person to subscribe to their "improvements", and publish them for everyone to use.
Yes.
But recall the whole RHEL vs CentOS debacle.
RedHat sells lots of GPLed components to the RHEL customers. And even though they are GPLed, you would rarely, if ever, find them for free download on the net.
Personally, I'd take the view that if their "improvements" to the kernel were uncontroversially beneficial, they would have been absorbed into mainstream code already, so I'm not intending to use them.
That discussion is more than a decade old.
GrSecurity patches (and similar) are very intrusive, and generally trade performance for a promise of higher security. It's not just a couple of places patched or a loadable module a-la AppArmor or SELinux. They patch and change lots of code, including the very low-level routines, making the kernel as a whole harder to develop and maintain.
OTOH, the security people are also not very eager. The fame of merging it into the mainline would fade quickly. While by maintaining their own patchsets, they have something akin to a product, and an associated service to sell.