Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Thursday July 06 2017, @11:39AM   Printer-friendly
from the to-hell-with-gpl dept.

Bruce Perens warns of potential contributory infringement and breach of contract risk for customers of GRSecurity:

Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and can not work without it. it would fail a fair-use test (obviously, ask offline if you don’t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.

Currently, Grsecurity is a commercial product and is distributed only to paying customers. My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.

By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Runaway1956 on Thursday July 06 2017, @02:02PM (5 children)

    by Runaway1956 (2926) Subscriber Badge on Thursday July 06 2017, @02:02PM (#535716) Journal

    Over the years, I've read a few articles questioning how good GRsecurity is. I suppose the best answer is, "They are pretty good - but - the alternatives are as good, and possibly better." Why pay for GRsecurity, when there is no fee involved with the alternatives?

    https://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html [cyberciti.biz]

    Linux Kernel Security (SELinux vs AppArmor vs Grsecurity)
    Posted on May 27, 2009in Categories CentOS, Debian Linux, fedora linux, Gentoo Linux, GNU/Open source, Linux, Linux distribution, Networking, RedHat/Fedora Linux, Security, Slackware, Suse Linux, Ubuntu Linux last updated May 27, 2009

    Conclusion:

    All three offers very good protection and I can select them based upon the following simple criteria:

    New user / ease of use : Grsecurity
    Easy to understand policy and tools : AppArmor
    Most powerful access control mechanism : SELinux

    _________________________________

    As an aside, ye olde site, aternativeto seems to come up empty on this: https://alternativeto.net/browse/search?q=GRsecurity [alternativeto.net] The two offerings have diddly squat to do with security, or kernal patches. Strange . . .

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 1) by slap on Thursday July 06 2017, @04:31PM (2 children)

    by slap (5764) on Thursday July 06 2017, @04:31PM (#535775)

    That comparison was 8 years ago. A lot has probably changed since then.

    • (Score: 2) by frojack on Thursday July 06 2017, @06:09PM (1 child)

      by frojack (1554) on Thursday July 06 2017, @06:09PM (#535809) Journal

      That comparison was 8 years ago.

      So it was Yesterday then?

      2009-ish. And all we've found since then is some corner cases and a couple major fuckups in third party software that were a lot harder to exploit than all the hype media made them out to be. (None of which were protected against by Grsecurity or any of the other packages).

      A lot of kernel features have been ADDED, some bugs proactively patched, but realistically there hasn't been that much that affects these security add-ons.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by Immerman on Friday July 07 2017, @12:48AM

        by Immerman (3985) on Friday July 07 2017, @12:48AM (#535948)

        Have the security add-ons remained static since then? Failed to address their weaknesses nor expanded their strengths?

        I mean cars haven't changed a lot in the last few decades, but if I wanted a comparison between manufacturers, I'd really want a comparison of *current* models, not the models made ten years ago.

  • (Score: 2) by requerdanos on Thursday July 06 2017, @06:14PM

    by requerdanos (5997) Subscriber Badge on Thursday July 06 2017, @06:14PM (#535814) Journal

    The grsecurity folks have written a feature-for-feature comparison [grsecurity.net] of grsecurity kernels, SELinux, AppArmor, and Kernel Self-Protection Project (KSPP). It's written specifically to present the 31 features that grsecurity finds to be important (i.e. the ones grsecurity has), and it doesn't disappoint: The final scores are grsecurity 31, SELinux 3, AppArmor 3, and KSPP 2 and a half (1 full feature + 3 half "watered down" features).

    Take it with a grain of salt because of the source, but then again, the data it contains is important too. The chart is undated, but refers to KSPP's inception in 2015 as "recent," so definitely more recent than the cyberciti blog post.

  • (Score: 0) by Anonymous Coward on Friday July 07 2017, @02:18PM

    by Anonymous Coward on Friday July 07 2017, @02:18PM (#536119)

    grsec was the best for normal people who wanted/needed real security improvements.

    now we have the linux-hardened/hardened kernel project: https://github.com/copperhead/linux-hardened/wiki [github.com]