|
|
Subscribe / Log in / New account

The grsecurity "RAP" patch set

The grsecurity "RAP" patch set

Posted Feb 8, 2017 2:18 UTC (Wed) by PaXTeam (guest, #24616)
In reply to: The grsecurity "RAP" patch set by mjw
Parent article: The grsecurity "RAP" patch set

our plugins are under scripts/gcc-plugins in our kernel patches which are linked from the homepage. note that using RAP outside of the supported kernel versions or userland requires fixing any function pointer abuse first (lest they trigger the defense mechanism at runtime).

to post comments

The grsecurity "RAP" patch set

Posted Feb 8, 2017 21:31 UTC (Wed) by Lionel_Debroux (subscriber, #30014) [Link]

To build on PaXTeam's comment: there is _much_ function pointer abuse in mainline Linux...
The corresponding fixes throughout the tree (drivers, fs, net, sound, etc.) make up a significant proportion of the size increase between the grsec 4.4.x (last version without RAP, 4.4.8 is just above 8e6 bytes) and 4.5.x patches (4.5.2 is just above 9e6 bytes, +~12%). The diff between copies of these patches confirms.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds