back to article Linux kernel security gurus Grsecurity oust freeloaders from castle

Linux users, the free lunch is over. Pennsylvania-based Open Source Security on Wednesday decided to stop making test patches of Grsecurity available for free. The software, a set of powerful Linux kernel security enhancements, includes features such as support for role-based access controls and chroot restrictions that harden …

  1. Crazy Operations Guy

    Well good riddance

    Their patches kinda sucked and were over-burdened with crap licenses, their code will not be missed.

  2. Anonymous Coward
    Linux

    Grsecurity makes money out of Open Source

    Linux is free as in beer, the venders were always free to charge for services rendered.

    1. tom dial Silver badge

      Re: Grsecurity makes money out of Open Source

      You also are free to charge whatever you like for the software, but are unlikely to attract many buyers.

      1. Crazy Operations Guy

        Re: Grsecurity makes money out of Open Source

        "You also are free to charge whatever you like for the software, but are unlikely to attract many buyers."

        Red Hat seems to be doing alright...

        1. tom dial Silver badge

          Re: Grsecurity makes money out of Open Source

          The GPL part of their software is available at no cost, via CentOS if not directly from them. Red Hat charges for support and for tools and other additional non-free software, as also is their right. And they are, as stated, doing alright with that model.

  3. bazza Silver badge

    WindRiver?

    Could be. If they're still including GRSecurity's patches without sticking to the license terms, then they've just screwed up. They make a feature of it in their sales blurb, which would now be cut off. I guess we'll see if their kernel drops the GR moniker, or starts becoming increasingly outdated.

    AFAIK BlackBerry also use GRSecurity's patches in their version of Android. Seems like a sensible idea.

    1. djack

      Re: WindRiver?

      There is no licensing issue. GrSecurity's kernel are license under GPLv2 which specifically allows the recipient to re-distribute.

      However, you are not obliged to re-distribute and nor are grSecurity obliged to do business with you, so if they find that you have distributed the kernel they are entirely within their right to refuse to give you their next version.

      The use of the grSecurity trademark is a different matter and I suppose the usage of it depends on what they are claiming in the associated documentation.

      1. Raumkraut

        Re: WindRiver?

        However, you are not obliged to re-distribute

        While this is technically correct, if a company sells devices which include the GrSecurity kernel patches, then that is re-distribution, and they are therefore obliged to provide the source code to any recipient who requests it.

        GrSecurity could be well within their contractual rights to cancel that company's subscription to their future patches, but the alternative is for the company to be in violation of the GPL, and lose any right to redistribute the Linux kernel at all.

        So if GrSecurity do take that position, then the only legally tenable use for their patches that I can see, are for hosted services where the machines in question never leave the control of organisations with direct GrSecurity contracts.

  4. Anonymous Coward
    Anonymous Coward

    flame on

    GRSecurity, SELinux and RBAC in general are all great perhaps for work but the first time you spend many hours diagnosing a seemingly unrelated problem due to RBAC causing things to silently fail in unpredictable ways you pretty much keep that head ache at work. Not to mention you get to pay up to a 5% performance penalty besides. If security is that important to you you are better off using properly audited OpenBSD instead anyway.

  5. Richard 22
    Thumb Down

    A little hypocrytical?

    "very few people dedicating half of their life to creating useful original work"

    Except Linus perhaps? And probably a load of others heavily involved in the linux kernel. Whose work they have taken and used for personal gain...

    I have nothing against people getting paid for what they do, but I think they would have been better served maintaining a public fork of the branch and providing paid for consultancy / support etc. There's a lot of people who earn a living working in Linux.

    They are, of course, free to do as they wish with the Linux code, within the terms of the license.

  6. Arthur the cat Silver badge
    Pint

    I don't care about Grsecurity or Linux

    but I do want the recipe for those penguins-onna-stick! (Particularly, what's the stuffing in the bottom half?) Maybe a Friday afternoon special article?

    Beer icon to wash the nibbles down with.

    1. Spasticus Autisticus
      Linux

      Re: I don't care about Grsecurity or Linux

      Hi Arthur

      Try these two, I'm sure there are others

      Tablespoon

      All Recipes

      1. Arthur the cat Silver badge
        Linux

        Re: I don't care about Grsecurity or Linux

        @ Spasticus Autisticus

        Many thanks (and an upvote).

        Sadly I'm lactose intolerant and can't eat cream cheese. I wonder if hummus would work? I feel a weekend food experiment coming on.

        1. Spasticus Autisticus
          Linux

          Re: I don't care about Grsecurity or Linux

          or perhaps a pink shirted Tux with some taramasalata, or tzatziki made with lactose free yoghurt - keeping it Greek :-) Use Kalamata olives for big penguins (the best tasting olives anyway!).

  7. ST Silver badge
    FAIL

    what an interesting way for Grsecurity ...

    ... of making themselves obsolete and irrelevant.

    WindRiver may or may not have tried to stiff Grsecurity by not paying for these patches. There's always two sides to any story. But that's besides the point.

    WindRiver is allowed, under GPLv2, to create and distribute binaries built from these patches. For free, or for money. If WindRiver distributes binaries, they are required, also under GPLv2, to make the source code for these patches available to anyone, on demand.

    However, WindRiver is under no obligation whatsoever to charge money for publishing the Grsecurity source code. Nor are they required to kick some of this money back to Grsecurity.

    Grsecurity knew all of this when they sold the patches to WindRiver. All these T's and C's are clearly written in the GPLv2.

    The only thing I see in this story is Grsecurity making an ass of themselves, as usual.

    If 16 years out of 34 seems too much of a commitment to writing security patches for the Linux kernel for free, then stop doing it, and move on to something else. Or ask RedHat to buy your company, if it's that valuable.

    1. Ramazan

      Re: what an interesting way for Grsecurity ...

      "what an interesting way for Grsecurity ...

      ... of making themselves obsolete and irrelevant."

      I always wondered why grsec hadn't been included in mainstream kernel. Used it in times of 2.4 and 2.6 and it was a pain in the ass to manually apply the patches and recompile the kernel each time, so eventually I've lost interest in grsec when it was still free. It was doomed then already, and paywall just brings closer grsec's death IMO.

      1. ST Silver badge
        Thumb Down

        Re: what an interesting way for Grsecurity ...

        > I always wondered why grsec hadn't been included in mainstream kernel.

        They've been accused of violating GPLv2 in the past. No serious Linux distro would touch this stuff with a 10-foot pole.

        Interesting and sleazy weasel-words offered as justification.

  8. Brewster's Angle Grinder Silver badge

    So a multinational trashes a backroom researcher trying to make a living, and you guys pile in against the indie.

    1. isogen74

      Piling in against someone who doesn't seem to comprehend the ramifications of the license they released their code under seems entirely justified. If anyone releases products with a GPLv2 kernel they are *obliged* under the terms of the GPL to make source code available to those they sell the products to.

      If you release code under a GPLv2 license it seems a bit rich to complain when people actually use it under the terms that the license allowed ...

      1. HieronymusBloggs

        "If anyone releases products with a GPLv2 kernel they are *obliged* under the terms of the GPL to make source code available to those they sell the products to."

        They are not obliged to provide you with new versions if you break the terms of the commercial agreement however. That agreement is orthogonal to the license.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021