If you blame Linus for grsec not working with upstream in the past, that's fine by me; I don't know and don't care about the history.
1
But evidently it *is* possible to get stuff upstream now, albeit slower (but also less hackily), slowly decreasing the value add of grsec.
2
Mind you, if RAP were open, I don't think it'd have a hard time being upstreamed as an optional feature - not disruptive like other stuff.
2
you clearly have no idea what it took to protect linux with RAP. it's the *most* complex feature of PaX by far.
1
2
I could be mistaken on that point, since of course RAP is closed and I can't inspect it. (Less certainty is why I said "I don't think".)
2
You don't need the source code to know the impact of a CFI solution added to any non trivial piece of software
2
Indeed: not much (except possibly to deal with interop w/ unprotected code, which I assume isn't involved here as it defeats the purpose.)
2
not much based on your experience which isn't much either? :) hint: it took me 2 months to clean up the bad use of fptrs in a 1MB patch.
1
2
you sound like the peanut gallery instead. you've been 'interested' in so many things so far with zero accomplishments ;).
Apr 29, 2017 · 9:29 AM UTC