Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20170624155549.GA31293@openwall.com>
Date: Sat, 24 Jun 2017 17:55:49 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Shawn <citypw@...il.com>
Subject: Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method

Shawn,

I really don't appreciate you CC'ing kernel-hardening on this.  As I
wrote to you in the rejection message for that copy of your message:

"It's sufficient that we have this crap on oss-security.  Let's not spam
kernel-hardening with it as well.  Let's have it on just one list, and
it just so happens it started on oss-security this one time.  As a
moderator, I fully expect I'll have to shut down this thread soon anyway."

I also had to switch kernel-hardening to full message pre-moderation
because of your CC.  Hopefully temporarily again.  Last time I did this
(recently), and had since undone it (re-enabling the whitelist until
today), was because of what I'll call an "anti-grsecurity crap" thread.

Why pre-moderate even for previously whitelisted senders?  Because they
might be replying to this thread that you attempted to CC to
kernel-hardening, without them realizing that your initial message was
not approved there.  This is a general problem with CC's to moderated
lists, and why I ask that all of us please use CC's sparingly.

I don't like censorship, but I also want these mailing lists to remain
usable for their primary intended purposes for all of us.  This is why
we generally don't reject individual messages in these discussion
threads until eventually having to shut down the threads.  So all sides
have an equal opportunity to speak.

FWIW, my own opinion on the actual matters raised in these threads is
nuanced.  I'm not with either side.  I guess this makes it easier for me
to stay neutral as a moderator.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.