| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: peter at devbox.adamantix.org (Peter Busser) Subject: Talk in #grsecurity Hi! > I was there and the conversation most certainly happened, in fact you > can see when i joined in the pasted converstation. > > The reason the conversation was posted is because this is full > disclosure where I assume at least the majority of people actually > believe in full disclosure and people keeping vulnerabilities secret > isn't exactly kosher. This in particular is what i'm refering to > > [22:40] <BlackNet> how many do you have that's not released? > [22:41] <spender> 2 for exec-shield > [22:41] <spender> 3 for systrace > [22:41] <spender> 1 for DTE > [22:41] <spender> ~10 for LIDS > [22:42] <BlackNet> that's alot > [22:42] <spender> oh > [22:42] <spender> 3 i think for linsec > [22:43] <BlackNet> all of these are non-reported? > [22:43] <spender> correct > > So I ask grsecurity fans, why would you run the software of someone no > better than the people trying to crack your machine? This is not > responsible behaviour and shows a clear disregard for security and > safety of others. What I wonder is: Why would Brad specifically target exec-shield and Fedora? I mean, with 10 zero-day bugs, doesn't this mean that LIDS would be a much more easier target? It couldn't have anything to do with the way the people from the company behind exec-shield have treated people from competing projects, such as gr-security. Could it? FYI, I don't know Brad Spender. I am not a gr-security user and neither am I a gr-security fan. Although I can understand what he is doing, I don't approve of it. Groetjes, Peter Busser
Powered by blists - more mailing lists