[rb-general] K/S: Re: Question about reproducible builds for PaX/Grsecurity
mahadirienterprise at gmail.com
Sun Jun 11 19:28:34 CEST 2017
Dihantar daripada telefon pintar Samsung Galaxy saya.-------- Mesej asal --------Daripada: Shawn <citypw at gmail.com> Tarikh: 10/06/2017 11:23 PM (GMT+08:00) Kepada: Chris Lamb <lamby at debian.org> Sk: rb-general at lists.reproducible-builds.org Subjek: Re: [rb-general] Question about reproducible builds for PaX/Grsecurity
On Sat, Jun 10, 2017 at 9:53 PM, Chris Lamb <lamby at debian.org> wrote:
> Dear Shawn,
>> I've been to Chris Lamb's presentation at HKOSCON and it's really glad
>> to see such high percentage of packaging coverage in Debian GNU/Linux
> Thank you for your kind words. However, whilst the presentation was mine,
> the Reproducible Builds effort is very much a team thing :)
>> Because reproducible builds for PaX/Grsecurity requires the same seed
>> if Grsec's RANDSTRUCT was enabled.
> For anyone following along here:
> If you say Y here, the layouts of a number of sensitive kernel
> structures (task, fs, cred, etc) and all structures composed entirely
> of function pointers (aka "ops" structs) will be randomized at compile-time.
>> So my question is as a GNU/Linux distro, who's manage the seed?
> So, starting at:
> .. this links to the following bugs:
> * GRKERNSEC_RANDSTRUCT shouldn't be enabled
> * Grsec's RANDSTRUCT and Reproducible Builds
> The latter has a patch from Steven Chamberlain :)
Steven's patch is basically what we've done in our implementation:
Thanks, it can be work out that way.
GNU powered it...
GPL protect it...
God blessing it...
rb-general at lists.reproducible-builds.org mailing list
To change your subscription options, visit https://lists.reproducible-builds.org/listinfo/rb-general.
To unsubscribe, send an email to rb-general-unsubscribe at lists.reproducible-builds.org.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the rb-general