Quote:
Originally Posted by cynwulf
Their goals are to get the kind of patching from grsecurity/PAX kernel hardening "in tree", this has not yet been achieved.
|
This is very oversimplified. Over last 2 years KSPP have mainlined several patches into Linux vanilla kernel. Some were from PAX, some not. Some mitigations are not enabled by default config and it is up to Gnu/Linux distros to enable them.
It is still far from Grsecurity state-of-art mitigations, but it is better and it is slowly, constantly being improved.