lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200308182213.h7IMDPME026862@caligula.anu.edu.au>
Date: Tue, 19 Aug 2003 08:13:25 +1000 (Australia/ACT)
From: Darren Reed <avalon@...igula.anu.edu.au>
To: 
Cc: bugtraq@...urityfocus.com, peter@...steddebian.org,
	deraadt@....openbsd.org
Subject: Re: Buffer overflow prevention


> Yet, persistantly we have been flooded by PAX supporters demanding
> that we should give credit to the PAX people for the ideas in W^X.
> When we had NOT known about PAX, and when W^X does NOT technically do
> what PAX does.
> 
> How is it that out of one side of the mouth PAX people say that things
> which I say are not possible on i386 using W^X (full per-page X bit) are
> possible using PAX, and then the other side of the mouth says that W^X
> is just derived from PAX ideas?
[...]
> Oh?  So to get their reward, they send out their drones to assault other
> projects, and get credit that is not theirs?
[...]
> I urge the PAX authors to get their community's rabid foaming under control.

Damn, this looks like textbook OpenBSD methodology for getting a vendor
to release hardware documentation or otherwise do what OpenBSD wants.

I guess it's a methodology that's only acceptable when it's being done
for the "noble" goals of the OpenBSD project and not when it is being
targetted at OpenBSD itself.

I suppose you might say this is a case of OpenBSD getting back what it
dishes out to others.

I sincerely doubt that this will have any impact, however, on the behaviour
of the OpenBSD drones.  But one can still hope.

Now if I could think of a security-related angle, this email might even
have a chance of ending up being sent to the bugtraq list...

(o)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ