Hacker News new | past | comments | ask | show | jobs | submit login

What is the PaX situation? I tried googling but didn't find it



results of my Googling:

PaX seems to refer to the PaX team: https://pax.grsecurity.net/

There seems to have been drama related to some of their patches https://news.ycombinator.com/item?id=14633163.


There's a lot more nuance there, but my summary would be: pax team created grsecurity patches which are awesome, they come as a big bundles rather than separate patches for each part, and are a bit disruptive - you need to know why you want them / are they worth it. Upstream doesn't want huge bundles, pax doesn't want to invest time in splitting them up and fighting with upstreaming each one separately. There's some external effort in the last years to chip away the most important ones, (KSPP, Popov Kees) but it's slow. In the meantime pax provides grsecurity as consultancy.

Again - I skipped lots of details.


In short, PaX and grsecurity were security patches for the Linux kernel that failed to be upstreamed.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: