Received: from mx2.e4ward.com (mx2.e4ward.com [142.93.190.147]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 38AF3781A5C for ; Tue, 31 Mar 2020 10:18:59 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mx2.e4ward.com (Postfix) with ESMTP id 0210C402F6 for ; Tue, 31 Mar 2020 06:18:57 -0400 (EDT) Authentication-Results: mx2.e4ward.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=gmail.com Received: from mx2.e4ward.com ([127.0.0.1]) by localhost (mx2.e4ward.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Q9wHz4BWSz0 for ; Tue, 31 Mar 2020 06:18:56 -0400 (EDT) Received: from mx2.e4ward.com (localhost [127.0.0.1]) by mx2.e4ward.com (Postfix) with ESMTP id 71176403A9 for ; Tue, 31 Mar 2020 06:18:25 -0400 (EDT) Received: from mail-ed1-f68.google.com (mail-ed1-f68.google.com [209.85.208.68]) by mx2.e4ward.com (Postfix) with ESMTPS for ; Tue, 31 Mar 2020 06:18:25 -0400 (EDT) Received: by mail-ed1-f68.google.com with SMTP id e5so24419321edq.5 for ; Tue, 31 Mar 2020 03:18:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=LvdDtzliBxwtgk2PRRXjNRN3VUszGa0+6/iPPz4IYPA=; b=Iq7YVPjyr2TSf+jZh43pILnyqnmIcn+LIdFXtqnvtQh0ZO92bziKUTZNGKTd7QPGI3 GiSTg6ZNJquOfRwjVMBbh5wH1JbHOt5zhIoenRg+881kBClM+Q3U4gWx3y3+7gG6/nbg uHVrduy06LjbGzcSNfuzB3RF06jbjvYXtertbbnVcU+RKGFlPRmkTb+PAzxI3QLAzAv8 YvtgDA0vX04PBhDUnJPCFKRSXFU1dRDmiRuBkw2gKoO9kOy5qytbyYJJqxoPY6MV2Ykz MS/LogDku0IJnN8gTxPjtt+SzInrWas2mR9zFKP24j4YMbjt66Pd/UAyhVxtcGrgd4ZY vF1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=LvdDtzliBxwtgk2PRRXjNRN3VUszGa0+6/iPPz4IYPA=; b=KOpb5xNGR7i23X1BsIb1jvqbp1rjD0Ev1eiPshYEQjgeGkbO7RC2bwryRzyinF8Pol NIPk1eYIfIL9kEG69CDVt2Q8auhdVnuRSsadpo7eu0IYcL9C1lF0/12You9aRy6qrWX7 goXFx/SE7XvJ5ta5ZjKzKLugrX6BBUapPibhHJFoq0ND2ihtwOLrADy1RZ1zb/fImI1S v1it8mBBr5S0QKzqZcUu7QkveQqb6wYyuuYN2Ga6T9jy0uDWSTQVKqsIcHvtvEo9BB6W j3hgaI53wFIl2VPw1nQdVXElV9JuIBM9lKInxPmLTFjaNWRBKIbVnBeaU68qguMvDynS rpFw== X-Gm-Message-State: ANhLgQ16w/B9K333EX8YWPLO/ZNCUCBZzbnClo3dfcMwJ3QbJZ9qCN8M snrwh/+mMzSbd0cvoHPl5MHlucJTkYfU+UggjgTSb061 X-Google-Smtp-Source: APiQypLoLOlNoWdy9DN98dBH5cHSt/hyrXASsd9ptTbfRETLCGtqdxgAhSxfOG7QH1ze0kTFiicavTvmwai75yv76LE= X-Received: by 2002:a19:23d2:: with SMTP id j201mr11268450lfj.78.1585649484751; Tue, 31 Mar 2020 03:11:24 -0700 (PDT) MIME-Version: 1.0 References: <20200331120229.514f90b3@ncopa-desktop.copa.dup.pw> In-Reply-To: <20200331120229.514f90b3@ncopa-desktop.copa.dup.pw> From: Marco Sulla Date: Tue, 31 Mar 2020 12:10:47 +0200 Message-ID: Subject: Re: How does Alpine Linux harden its kernel? To: Natanael Copa , alpine-user.lists.alpinelinux.org-alpine_users_list.marco.sulla.e4ward.com@jr6e1x1pth7.reply.e4ward.com Content-Type: text/plain; charset="UTF-8" Reply-To: alpine_users_list@marco.sulla.e4ward.com Sender: forwardedby@e4ward.com X-e4ward-RCPT: alpine-user.lists.alpinelinux.org-alpine_users_list.marco.sulla.e4ward.com@jr6e1x1pth7.reply.e4ward.com X-e4ward-x: . But did you not apply custom patches made by yourselves? I see that in the source code that pax utilities are used. And it seems Apline use linux-hardened. On Tue, 31 Mar 2020 at 12:02, Natanael Copa wrote: > > On Tue, 31 Mar 2020 11:43:01 +0200 > Marco Sulla wrote: > > > Hello all. I discovered Alpine Linux, and it seems the unique active > > Linux distro that applies hardening patches to the Linux kernel. > > > > The problem is I do not understand where Alpine applies its patches to > > the kernel. Where is the code? > > > > PS: I know that Alpine Linux does not use anymore grsecurity. Does it > > continue to apply PaX patches? > > Hi! > > We no longer harden the kernel, due to grsecurity nor pax not being > available for public. > > It sounds like we need to update the documentation somewhere. > > -nc