Re: Talk in #grsecurity
From: Joshua Brindle <method () gentoo org>
Date: Fri, 26 Mar 2004 16:52:54 -0600
Dave Aitel wrote:
Joshua Brindle wrote:
| So I ask grsecurity fans, why would you run the software of someone
| no better than the people trying to crack your machine? This is
| not responsible behaviour and shows a clear disregard for security
| and safety of others.
Whatever. It shows a clear disregard for people using half-solutions
which don't work. This is normal behavior. The fact is that grsecurity
is a hundred times better than the alternatives - and anyone using the
alternatives has made some sort of compromise that leaves them open to
attack, and probably already knows it.
It isn't in the best interest of anyone aside from himself. If he knows
about an execshield vulnerability and is waiting for it to get installed
on a few thousand machines before releasing it he is being malicious.
Fedora users didn't choose execshield, Red Hat chose it, and it isn't
their fault. One could argue that it's their fault for installing Fedora
but clearly they don't know any better if this vulnerability hasn't been
released. This is totally irresponsible and is basically an ego booster
and way of supporting grsec by causing problems to otherwise innocent
users. If you really think this is helping anyone then you might want to
step back and look at the situation again.
Spender is not a security professional, he's a blackhat plain and simple.
This is *not* how a responsible, mature whitehat would act. Waiting for
an opportune time to release an exploit is playing bad politics and if
you wish to participate in that shady behaviour be my guest but I
suspect there are other people here that might not be so trusting of
Also, this is a call to spender to put up or STFU, his little fiasco
about Coker's SELinux demo machine being cracked was absolutely unfounded,
there is no evidence and the person he claimed did it said that he did
no such thing. Spender talks a lot of crap about other projects, claims
that there are bugs in their code, etc. This, again, is the behaviour of
an antisocial child, not a security professional.
Full-Disclosure - We believe in it.