Received: from mail-lj1-f179.google.com (mail-lj1-f179.google.com [209.85.208.179]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 8B559782CCB for ; Tue, 31 Mar 2020 14:17:39 +0000 (UTC) Received: by mail-lj1-f179.google.com with SMTP id p10so21931749ljn.1 for ; Tue, 31 Mar 2020 07:17:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=ICFNmH7t7D8fxH1z5W24JofnWmwgkfsJqQE/9DiHBBA=; b=bTdsdDct6BG2LXU0BKrxvf7w0KSAUE7CSfvVonMoM/H7uvVO1UdF9TWxg52hFE3bAO rKZX/mzBe9JQ2Ifh0s2qfmOnp92lgcKw5zfptE+A1PPXRdWjVMMCYQX+mBZJGakYAstX WoW0Wi6c07sCOdsaDhn74Pf74LBEg9lHhxDb3ZvNZ7h9gNCOlRaKqbC1FuAXjO6LKY9V zmkdgtTzKyD0NNHzEJsdjxOMHQZtorvLg4YZI2mTxcG2K2rqN2S/upVPsTtHQXzc8XEm FEwG2Rm5lhXtQnYW4cBE02wdP0LY5TFwf2DYuuBjiUb4il9i8e01rJP0JQp3TDARRiJh giwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=ICFNmH7t7D8fxH1z5W24JofnWmwgkfsJqQE/9DiHBBA=; b=tLezw0jAHqOtzAkroRok5jAiOal02j0EdwXlTUKe/vmN3sXfiTMzBb4neyWXJQLLm7 ef1MjK10w4DdHPUZhXDX18I3NNmG0cwsozeKNXa7v+YHK8vIBhXO6Xcf59Y4VputzQwl 8aTYYjc5wxO7GfETcz5eCsuGLntW+v/UMWLCESf6jzK0tGEjRh0sthHhClrw6AVhzjDQ RyM8OzQS7b0a4K/8XunQsNfBT+7LjZ8VGfdrxKcq8F8itMRe2V9sJOlXS70Wqx6VvVqH gJzV59aFdjUbY3sYpLNvHQ/SmTy2mbrS23ZOQhrsl96eT/7lK9DMmO+ZC19AyIirZkx0 s1Lg== X-Gm-Message-State: AGi0PubWGUnA2jo5a/vA29Ta635YjbqCChTFcQEemK6HlDypFkD6/LCx nuVyM5EAH4X0AC2lmvuVyVYhij0KtGYVYqzwZqk= X-Google-Smtp-Source: APiQypKwEWAeGjzCy6SwBH4vju4Oyk/8Wrf91XIeUkXdllUhJubb4sIQGRAV2p2PUPSGWgcfytp9ZDrz6RnbfalJYeU= X-Received: by 2002:a2e:8093:: with SMTP id i19mr10237285ljg.12.1585664257591; Tue, 31 Mar 2020 07:17:37 -0700 (PDT) MIME-Version: 1.0 References: <20200331120229.514f90b3@ncopa-desktop.copa.dup.pw> In-Reply-To: <20200331120229.514f90b3@ncopa-desktop.copa.dup.pw> From: PICCORO McKAY Lenz Date: Tue, 31 Mar 2020 10:17:25 -0400 Message-ID: Subject: Re: How does Alpine Linux harden its kernel? To: Natanael Copa , alpine-user Content-Type: multipart/alternative; boundary="000000000000ce916905a2273a40" --000000000000ce916905a2273a40 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable wicht part of the wiki said that? i'll investigate it and later applied updates El mar., 31 de mar. de 2020 a la(s) 06:02, Natanael Copa ( ncopa@alpinelinux.org) escribi=C3=B3: > On Tue, 31 Mar 2020 11:43:01 +0200 > Marco Sulla wrote: > > > Hello all. I discovered Alpine Linux, and it seems the unique active > > Linux distro that applies hardening patches to the Linux kernel. > > > > The problem is I do not understand where Alpine applies its patches to > > the kernel. Where is the code? > > > > PS: I know that Alpine Linux does not use anymore grsecurity. Does it > > continue to apply PaX patches? > > Hi! > > We no longer harden the kernel, due to grsecurity nor pax not being > available for public. > > It sounds like we need to update the documentation somewhere. > > -nc > --000000000000ce916905a2273a40 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

wicht part of the wiki said that? i'll investigate it = and later applied updates

El mar., 31 de mar. de 2020 a la(s) 06:02, Natanae= l Copa (ncopa@al= pinelinux.org) escribi=C3=B3:

On Tue, 31 Mar 2020 11:43:01 +0200
Marco Sulla <alpine_users_list@marco.sulla.e4ward.com> wrote:<= br>
> Hello all. I discovered Alpine Linux, and it seems the unique active > Linux distro that applies hardening patches to the Linux kernel.
>
> The problem is I do not understand where Alpine applies its patches to=
> the kernel. Where is the code?
>
> PS: I know that Alpine Linux does not use anymore grsecurity. Does it<= br> > continue to apply PaX patches?

Hi!

We no longer harden the kernel, due to grsecurity nor pax not being
available for public.

It sounds like we need to update the documentation somewhere.

-nc

--000000000000ce916905a2273a40--