Full Disclosure mailing list archives

Re: Talk in #grsecurity
From: Joshua Brindle <method () gentoo org>
Date: Fri, 26 Mar 2004 16:52:54 -0600

Dave Aitel wrote:

Joshua Brindle wrote:

| So I ask grsecurity fans, why would you run the software of someone
| no better than the people trying to crack your machine? This is
| not responsible behaviour and shows a clear disregard for security
| and safety of others.

Whatever. It shows a clear disregard for people using half-solutions
which don't work. This is normal behavior. The fact is that grsecurity
is a hundred times better than the alternatives - and anyone using the
alternatives has made some sort of compromise that leaves them open to
attack, and probably already knows it.


It isn't in the best interest of anyone aside from himself. If he knows about an execshield vulnerability and is waiting for it to get installed on a few thousand machines before releasing it he is being malicious. Fedora users didn't choose execshield, Redhat chose it, and it isn't their fault. One could argue that it's their fault for installing Fedora but clearly they don't know any better if this vulnerability hasn't been released. This is totally irresponsible and is basically an ego booster and way of supporting grsec by causing problems to otherwise innocent users. If you really think this is helping anyone then you might want to step back and look at the situation again.

Spender is not a security professional, he's a blackhat plain and simple. This is *not* how a responsible, mature whitehat would act. Waiting for an opportune time to release an exploit is playing bad politics and if you wish to participate in that shady behaviour be my guest but I suspect there are other people here that might not be so trusting of spender now.

Also, this is a call to spender to put up or STFU, his little fiasco about Coker's selinux demo machine being cracked was absolutely unfounded, there is no evidence and the person he claimed did it said that he did no such thing. Spender talks a lot of crap about other projects, claims that there are bugs in their code, etc. This, again, is the behaviour of an antisocial child, not a security professional.

Joshua Brindle

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
