Full Disclosure mailing list archives
Re: Talk in #grsecurity
From: Joshua Brindle <method () gentoo org>
Date: Fri, 26 Mar 2004 16:52:54 -0600
Dave Aitel wrote:
Joshua Brindle wrote: | | So I ask grsecurity fans, why would you run the software of someone | no better than the people trying to crack your machine? This is | not responsible behaviour and shows a clear disregard for security | and safety of others. | Whatever. It shows a clear disregard for people using half-solutions which don't work. This is normal behavior. The fact is that grsecurity is a hundred times better then the alternatives - and anyone using the alternatives has made some sort of comprimise that leaves them open to attack, and probably already knows it. -dave
It isn't in the best interest of anyone aside from himself. If he knows about an execsheild vulnerability and is waiting for it to get installed a few thousand machines before releasing it he is being malicious. Fedora users didn't choose execshield, Redhat chose it, and it isn't their fault. One could argue that it's their fault for installing Fedora but clearly they don't know any better if this vulnerability hasn't been released. This is totally irresponsible and is basically an ego booster and way of supporting grsec by causing problems to otherwise innocent users. If you really think this is helping anyone then you might want to step back and look at the situation again.
Spender is not a security professional, he's a backhat plain and simple. This is *not* how a responsible, mature whitehat would act. Waiting for an opportune time to release an exploit is playing bad politics and if you wish to participate in that shady behaviour be my guest but I suspect there are other people here that might not be so trusting of spender now.
Also, this is a call to spender to put up or STFU, his little fiasco about cokers selinux demo machine being cracked was absolutely unfounded , there is no evidence and the person he claimed did it said that he did no such thing. Spender talks alot of crap about other projects, claims that there are bugs in their code, etc. This, again, is the behaviour of an antisocial child, not a security professional.
Joshua Brindle _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Talk in #grsecurity Ed Street (Mar 26)
- Re: Talk in #grsecurity andrewg (Mar 26)
- Re: Talk in #grsecurity andrewg (Mar 26)
- Re: Talk in #grsecurity Joshua Brindle (Mar 26)
- Re: Talk in #grsecurity Dave Aitel (Mar 26)
- Re: Talk in #grsecurity Joshua Brindle (Mar 26)
- Re: Talk in #grsecurity Peter Busser (Mar 27)
- Re: Talk in #grsecurity Joshua Brindle (Mar 26)
- <Possible follow-ups>
- Re: Talk in #grsecurity Henk Stubbe (Mar 26)
- Re: Talk in #grsecurity Valdis . Kletnieks (Mar 26)
- Re: Talk in #grsecurity Peter Busser (Mar 27)
- Re: Talk in #grsecurity Valdis . Kletnieks (Mar 26)