[rb-general] Question about reproducible builds for PaX/Grsecurity
citypw at gmail.com
Sat Jun 10 17:23:17 CEST 2017
On Sat, Jun 10, 2017 at 9:53 PM, Chris Lamb <lamby at debian.org> wrote:
> Dear Shawn,
>> I've been to Chris Lamb's presentation at HKOSCON and it's really glad
>> to see such high percentage of packaging coverage in Debian GNU/Linux
> Thank you for your kind words. However, whilst the presentation was mine,
> the Reproducible Builds effort is very much a team thing :)
>> Because reproducible builds for PaX/Grsecurity requires the same seed
>> if Grsec's RANDSTRUCT was enabled.
> For anyone following along here:
> If you say Y here, the layouts of a number of sensitive kernel
> structures (task, fs, cred, etc) and all structures composed entirely
> of function pointers (aka "ops" structs) will be randomized at compile-time.
>> So my question is as a GNU/Linux distro, who's manage the seed?
> So, starting at:
> .. this links to the following bugs:
> * GRKERNSEC_RANDSTRUCT shouldn't be enabled
> * Grsec's RANDSTRUCT and Reproducible Builds
> The latter has a patch from Steven Chamberlain :)
Steven's patch is basically what we've done in our implementation:
Thanks, it can be work out that way.
GNU powered it...
GPL protect it...
God blessing it...
More information about the rb-general