[rsbac] Critical bug in PaX, please update!

[murf]

Hi!

On Sun, 06 Mar 2005 15:40:58 +0000
Deim Ágoston <ago at lsc.hu> wrote:

> 
> >AFAIK Its true that PAX will be terminated, but somebody 
> >will continue - spender or anyone blessed by pipacs.
> >  
> >
> hmmm. I hear the sounds of CSO-s who wanted exec-shield because it's 
> "official" in RHEL kernel while PaX wasn't... Some of the guys here in 
> Hungary think that's only a joke but I don't think so - 

I dont know who CSO is and dont care about comercial company
like RedHat. You can choose of another distribution.

> similar happened 
> to deadly.org last year. 

The problem is that deadly.org was only web project of some
information around OpenBSD, but PAX cann't be taken over so easily,
because of its nature.

>Anyway: is there a real chance to see RSBAC in 
> the mainstream kernel sooner or later? I know and understand the 
> feelings of Amon against LSM but right now I only have the chance to 
> work with RSBAC in my private life. 

I think, that there is a chance. You can remember replacement
of packet filter in linux kernel for two or three times or vm code.
(please correct here, if i'm wrong)

> Yes, SELinux is officially in the 
> RHEL kernel and the companies are looking for an untouched vendor kernel 
> because of official support and support for Oracle etc.

Its a business point of view. The kernel is still only one, some vendors
add some patches, thats all. It is still open source. 
Yea, I know - "what about testing kernel that is called stable".
Is someone behind that :-? 

> I woiuld be 
> happy if there would be a backdoor to include RSBAC in kernel.org 
> kernels. But that's just me :-)
> 

I dont think that by discovering backdoor in a kernel someone would
include RSBAC in the mainline kernel tree. There have to be some 
enfocement to the developers of the kernel to change their behaviour.

regards,

murf