Enterprise security firm Edera today is announcing OpenPaX that they promoted in their advance press notice as a “new open-source alternative to GrSecurity.” GrSecurity being the firm focused on providing out-of-tree Linux kernel patches focused in the name of security enhancements. With OpenPaX they are open-source and publicly available kernel patch for mitigating common memory safety errors and other system hardening.
OpenPaX aims to provide better runtime memory safety protections, better hardening systems against application-level memory safety attacks, and related functionality. The OpenPaX code is available under the GPLv2.
Today’s press release hitting the wire notes:
“OpenPaX is a Linux kernel patch and alternative to the original PaX patch (now distributed as part of grsecurity) on modern hardware for system administrators who need to provide a layer of defense against memory safety-related vulnerabilities. The Linux kernel community also gains access to an open source hardening patchset and some features of OpenPaX will be upstreamed as appropriate.
The introduction of OpenPaX is good news for Linux distros. Alpine Linux, for example, will return to shipping a PaX-enabled kernel in 3.21 as a technical preview. Further integration will happen in Alpine 3.22.”
The OpenPaX kernel code is available via Edera’s linux-openpax on GitHub.