[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Increasing the range of address-space layout randomization

Increasing the range of address-space layout randomization

Posted Dec 17, 2015 16:15 UTC (Thu) by spender (guest, #23067)
In reply to: Increasing the range of address-space layout randomization by corbet
Parent article: Increasing the range of address-space layout randomization

Are you a journalist or simply an establishment mouthpiece, regurgitating whatever information is posted on mailing lists? Nobody's asking you to mention us in irrelevant discussions, but in neither this article nor https://lwn.net/Articles/121845/, nor ironically even in the initial NIH upstream ASLR implementation linked therein (https://lwn.net/Articles/120966/) is there any mention of PaX.

If at any point in the past 15 years upstream had its own useful security ideas, by all means feel free to leave us out of articles discussing those topics, but given that that's clearly not been the case, and especially now with the essential fire sale of grsecurity/PaX features being ripped off by people who self-declare as having no real security or kernel development experience, you're essentially contributing to the rewriting of history and playing into the hands of the corporations that post the WP article want to be the ones recognized for making Linux secure (of course, with no original ideas or implementations of their own).

It's basic journalistic integrity and human decency, respect for the time and effort of others by acknowledging the work and ideas regardless of whether you personally like the person you're ripping off, but it's good that you've laid bare your obvious bias and agenda here for everyone to see. It's clear from your other articles (e.g. https://lwn.net/Articles/256389/, https://lwn.net/Articles/345076/, https://lwn.net/Articles/350100/, and many others) that you have no problem mentioning other "out-of-tree" projects that you don't have a personal vendetta against. It's not informing your audience and it's not journalism.

PS: scornful and truthful are mutually exclusive.

-Brad

to post comments

Increasing the range of address-space layout randomization

Posted Dec 17, 2015 16:23 UTC (Thu) by andresfreund (subscriber, #69562) [Link] (1 responses)

> PS: scornful and truthful are mutually exclusive.

Do you actually ever read what you write? What comes over as scornful is a significant portion of your messages, including the one I'm replying to, here and elsewhere. At some point that starts to rub of to the people conversing with you.

Increasing the range of address-space layout randomization

Posted Dec 19, 2015 15:57 UTC (Sat) by nix (subscriber, #2304) [Link]

It's hard to believe why anyone might have any sort of personal feelings against someone as charming and pleasant as Brad is.

I note that in the past Brad et al have attacked the upstream kernel for not including their stuff, and puffed said stuff at every opportunity. Now there's an attempt actually being made to get some of their stuff in, their response is... to attack the people doing the work, call them incompetent, and claim they are ripping work off. It appears there is *nothing* you can do which won't made Brad et al unhappy with you.

Increasing the range of address-space layout randomization

Posted Dec 18, 2015 0:15 UTC (Fri) by corbet (editor, #1) [Link]

Well, I have never once in my life claimed to be a journalist, FWIW.

Look, Brad, I think you have done a lot of good work. I certainly have no "personal vendetta" against it. Don't go paranoid on me, that won't help anybody.

I realize that trying to get work into the mainline can be frustrating and infuriating, and that holds doubly true for the kind of stuff that you do. It has taken a very long time for attitudes in the kernel community to catch up to our security problems, and the jury is still out on just how much that has happened even now.

Still, if you want to be a part of the kernel community, you need to be a part of the kernel community. If you work to get your code included just like everybody else does, there should be no issues around credit. If you sit on the sidelines and restrict access to your patches, you will be on the sidelines. Even then, when work clearly derives from what you have done (as with the post-init read-only stuff) the developers involved should credit their sources, and I will certainly try to mirror that. If this simple ASLR patch derives from your work, the author did not say so.

Honestly, Brad, I wish you would engage a bit more in useful forums; LWN, for all that I put into it, may not be the best place to actually get change effected. You have a lot to offer, but, if you want to come in from the cold, I don't think you can really expect me to just make that happen for you.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds