More News >>  

Install Stable:
2.2.0-2.6.32.19
Last updated: 08/19/10

Test:
2.2.0-2.6.34.4
Last updated: 08/19/10
Official grsecurity statement regarding LSM
It's often asked why grsecurity is not implemented within the LSM framework. We have provided an official response and include a link to the RSBAC project's similar response to LSM.
View here
Linux Security in 10 Years
In the presentation I touch on a number of topics ranging from exploitation to security model theorizing to prevention. I provide a brief discussion of lessons learned from last year's exploit releases, a discussion of the real-life implications of the kernel being in the TCB, a description of what grsecurity is doing right now in terms of kernel self-protection, and an outline of our ultimate goal for kernel self-protection. Current self-protection involves removing classes of bugs from the set of bugs exploitable for privilege escalation, removing information leaks from the kernel that are greatly useful to an attacker, 'constify'-ing function pointers and other targets of interest, removing arbitrary code execution, and hardening allocators and user<->kernel copying routines against integer overflows and heap overflows/infoleaks through efficient methods. Finally, I discuss the weaknesses that need to be overcome for concrete self-protection in the kernel against exploitation of memory corruption vulnerabilities.
Download in pdf format
Grsecurity Quick-Start Guide
This guide will walk you through the steps of adding grsecurity protection to your machine.
Download in pdf format
Increasing Performance and Granularity in Role-Based Access Control Systems
This research paper describes some of the recent advances in grsecurity and discusses some possible future features.
Download in pdf format
Grsecurity 1.9 MAC Documentation
This is an outdated guide to the 1.9 Mandatory Access Control system of grsecurity. Refer to the sample policy file distributed with gradm2 for updated RBAC information (until full RBAC documentation is complete).
Download in pdf format
View in html format
PaX: The Guaranteed End of Arbitrary Code Execution
These slides were presented at G-Con 2 in Mexico City, Mexico in October 2003. They provide an overview of PaX and compare it technically and functionally to OpenBSD's W^X and Redhat's Exec-shield
Download in ppt format
View in html format
Detection, Prevention, and Containment: A Study of grsecurity
These slides were presented at the Libres Software Meeting in Bordeaux, France in July 2002. The presentation gives an overview of grsecurity and PaX. Note that much of the information in the presentation is out of date, especially regarding the performance hit of PaX, which is now negligible. Nearly all of the future plans stated have already been completed. Please refer to the features page for newer information
Download in sxi format
Download in ppt format
View in html format

Site design by Hal Bergman