lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: scottp at dreamwright.com (Scott Phelps / Dreamwright Studios)
Subject: grsecurity: Another one bites the dust...

Ummm, what day is it?


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
Glenn_Everhart@...kone.com
Sent: Tuesday, April 01, 2003 9:06 AM
To: jeff@...r.net; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] grsecurity: Another one bites the dust...


Anybody know what the patent claims are?

Some of the descriptions of grsecurity sound an awful lot like
technology I developed for VMS and published in the late 1990s in the
Safety program (still available, free) or documented as trivial
extensions (rate limits).

A brief description of the Safety program is at http://users.rcn.com/gce
in case there is a wish to see what it has in a very limited way. It
assumes the VMS ACL system of course, and some of the other security
goodness in VMS, but gets fairly tricky in other ways.

The rate limiting idea was something I have described as a useful
feature for at least the past 6-7 years and can be found here and there
in my mails and some bits of publications (DECUS sigtapes mainly).

At any rate, it is possibly prior art and publication, and was certainly
released to the public and should be useful in defending claims that
functions it provides could be patented by someone else.

At one time I wanted to sell Safety, but gave up on that and just
published the sources several years ago. The documents had been
published when it was first implemented (along about 1995). 

While there is a bunch of other stuff in grsecurity that is not in
Safety it is probably worth while to keep aware of what has been
published (even in publications that (alas) seem to have narrow
circulation) so that if someone claims patents on some of those
functions, the patents can be disputed.

Glenn Everhart


-----Original Message-----
From: Jeff [mailto:jeff@...r.net]
Sent: Monday, March 31, 2003 10:14 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] grsecurity: Another one bites the dust...


http://www.grsecurity.net

Looks like another big company screwed over a team of innocent
developers. It's a shame, grsecurity had so much promise.

Figures.

-jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


**********************************************************************
This transmission may contain information that is privileged,
confidential and/or exempt from disclosure under applicable law. If you
are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained
herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
received this transmission in error, please immediately contact the
sender and destroy the material in its entirety, whether in electronic
or hard copy format. Thank you
**********************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ