Wikipedia has a pretty good explanation of what grsecurity and PaX do, but in a nutshell, here's what this set of patches buys you:
- non-executable stack
- address-space randomization
- role-based access control
- chroot hardening
- enhanced auditing
If you're looking for a quick way of downloading the latest stable Linux kernel with the grsecurity patch already applied, clone this git repository (which can be browsed here):
git-clone http://git.catalyst.net.nz/linux-2.6.24-grsec.git
I also maintain an RSS feed (well, an Atom feed actually) keeping track of the latest grsecurity and PaX test patches:
Finally, make sure you run paxtest to make sure that the protections offered by grsecurity and PaX are properly enabled.
Add a comment