Message-ID: <CA+55aFyZpWutYKccn1eZBV5Lj_bF7gEZqy=LgjDOBqHk4poeTA@mail.gmail.com>
Date: Sat, 24 Jun 2017 09:46:12 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Brad Spengler <spender@...ecurity.net>
Cc: oss-security@...ts.openwall.com, Pax Team <pageexec@...email.hu>
Subject: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an
 ignored Secure Boot bypass / rootkit method

On Sat, Jun 24, 2017 at 8:15 AM, Brad Spengler <spender@...ecurity.net> wrote:
>
> So Linus, you called the patches garbage when someone asked how we fixed the heap
> stack gap issue 7 years ago when you failed to.  Can you provide any technical details
> demonstrating why that fix is garbage,

I didn't call "that fix" garbage.

I called the grsecurity patches garbage.

Why?

They aren't split up, there has never been any effort by you to make
them palatable to upstream, and when somebody else *does* try to make
them palatable to upstream, you start crying about how people are
taking advantage of your work (hah), and try to make them private
instead.

So tell me, why shouldn't I consider them garbage?  They are.

It's literally less work for people to re-implement things than look
at your mixed-up patches, and YOU SEEM TO BE DOING THAT ON PURPOSE.

Now, prove *me* wrong. Start trying to integrate your work upstream,
and send individual patches with commit logs that can be integrated.

> Put up or shut up, for once.

Indeed, Brad.

                  Linus
