Dear everyone,
perhaps someone has already brought this up on the list, but I'll dig it a bit anyways.
As I'm sure many of the people on the list are already aware, grsecurity has gone closed source with their stable branch.
While grsecurity is far from dead, the fact that the stable version is now only available to paying customers does change the scene somewhat. It also reminds us that open source does not guarantee endless availability.
Despite all the great innovations the grsecurity team has come up with, the "solution" of having to (individually) patch each and every new kernel version was never a real solution anyways.
What I would personally love to see is Linux kernel running on/in Genode. I know it's very different from running a micro kernel, and I know it would require lots of work - but then again, the past situation with grsecurity (and other tweaks) required hell of a lot of work anyways.
I'm actually working on a little thingy based on OpenBSD, and would be interested in leading a task force with the goal of making both BSD and Linux kernels run on Genode. If any similar minded individuals are listening in, please give me a shout!
Yours,
Jyri -- +358-50-5632104 (24/7) jyri.hovila@...377...
Hi Jyri,
On 12/21/2015 02:16 PM, Jyri Hovila [Turvamies.fi] wrote:
> Dear everyone,
> perhaps someone has already brought this up on the list, but I'll dig it a bit anyways.
> As I'm sure many of the people on the list are already aware, grsecurity has gone closed source with their stable branch.
> While grsecurity is far from dead, the fact that the stable version is now only available to paying customers does change the scene somewhat. It also reminds us that open source does not guarantee endless availability.
> Despite all the great innovations the grsecurity team has come up with, the "solution" of having to (individually) patch each and every new kernel version was never a real solution anyways.
> What I would personally love to see is Linux kernel running on/in Genode. I know it's very different from running a micro kernel, and I know it would require lots of work - but then again, the past situation with grsecurity (and other tweaks) required hell of a lot of work anyways.
> I'm actually working on a little thingy based on OpenBSD, and would be interested in leading a task force with the goal of making both BSD and Linux kernels run on Genode. If any similar minded individuals are listening in, please give me a shout!
I am not sure what you mean here. Genode can already execute Linux within a virtual machine (Seoul or VirtualBox) or as a paravirtualized version on top of the Fiasco.OC kernel. If this is not sufficient, what is your approach?
Sebastian
Hi!
> I am not sure what you mean here. Genode can already execute Linux within a virtual machine (Seoul or VirtualBox) or as a paravirtualized version on top of the Fiasco.OC kernel. If this is not sufficient, what is your approach?
The problem in this approach is that the (virtualized) Linux instance is still running the same very insecure (if you ask me;) Linux kernel. Within the scope of the Linux kernel, there is nothing to limit the kind of hazards grsecurity is/was made to prevent.
To reiterate, what I would like to see is Linux (and/or BSD) kernel running directly on top of Genode.
Yours,
Jyri
> > I am not sure what you mean here. Genode can already execute Linux within a virtual machine (Seoul or VirtualBox) or as a paravirtualized version on top of the Fiasco.OC kernel. If this is not sufficient, what is your approach?
> The problem in this approach is that the (virtualized) Linux instance is still running the same very insecure (if you ask me;) Linux kernel. Within the scope of the Linux kernel, there is nothing to limit the kind of hazards grsecurity is/was made to prevent.
> To reiterate, what I would like to see is Linux (and/or BSD) kernel running directly on top of Genode.
What do you mean by «Linux kernel running directly on top of Genode»?
-- Vasily A. Sartakov sartakov@...104...