
80b9edca1c11ec8118ab30451af9c1d492770c90

80b9edca1c11ec8118ab30451af9c1d492770c90

Posted Apr 15, 2011 9:12 UTC (Fri) by tcourbon (guest, #60669)
In reply to: 80b9edca1c11ec8118ab30451af9c1d492770c90 by PaXTeam
Parent article: Stable kernel 2.6.38.3

I'm not a typical reader of LWN (barely any technical skills, and the ones I have are certainly not in the security area) but to me, "privilege escalation" is rather a consequence of something, for instance here a "memory leak". And I don't think a commit message is the right place to list all the potential issues caused by some issue in the code.

And your attitude isn't very constructive. Except that it reinforces the picture I have of what "PaXTeam security experts" are as persons.

("Lol, let's put some uppercased letter in the middle of our name so everyone will understand we are true l33t.")



80b9edca1c11ec8118ab30451af9c1d492770c90

Posted Apr 15, 2011 9:55 UTC (Fri) by PaXTeam (guest, #24616) [Link]

> "privilege escalation" is rather a consequence of something, for instance here a "memory leak".

'memory leak' is rather a consequence of something, for instance here 'forgot to decrement refcount'. you were saying... ? ;)

> And I don't think a commit message is the right place to list all the
> potential issues caused by some issue in the code.

it's a strawman. who talked about 'all the potential issues'? i certainly didn't because i would have run out of space then.

> And your attitude isn't very constructive.

why's that? you didn't know it was a privilege escalation bug before, now you do.

PS: LWN doesn't allow whitespace in usernames, and PaX stands for '[Pa]ge e[X]ec' as a (now) historical reference to the original feature implemented by (what had started out at the time as an actual team of) us, it has nothing to do with elitespeak. but hey, apparently i'm the one with the attitude problem, not you, so it's all c001 ;).

80b9edca1c11ec8118ab30451af9c1d492770c90

Posted Apr 15, 2011 10:12 UTC (Fri) by ledow (guest, #11753) [Link] (4 responses)

Regulars tend to ignore subscriber #24616 because of a long history of things like this. There's a difference between having a point, and trying to shove it down people's throats at every single opportunity that's even vaguely related to anything obscurely linked to a possible potential security weakness in any fashion. For a start, one gets attention, the other gets ignored (see Joerg Schilling for a similar example).

Kinda daft for a "team" that consists of one person, who remains anonymous - always a way to inspire trust - and who has more of a reputation for being an "opinion bully" than for actually getting code into the kernel.

It's a shame to see someone who's obviously a good coder with well-intentioned ideas throw it all away because they are so confrontational and persistently annoying.

PaXTeam is spam, basically. Filter as you deem appropriate.

80b9edca1c11ec8118ab30451af9c1d492770c90

Posted Apr 15, 2011 10:31 UTC (Fri) by PaXTeam (guest, #24616) [Link] (2 responses)

Hi ledow,

it seems i struck a nerve or something :). are you a kernel developer? or do you just cover up security bugs in whatever software you work on? for the record, i think dozens of kernel releases passed by since i had last singled out an obvious security bug, i did this one in particular because the exact same kind occurred almost 3 years ago (https://lwn.net/Articles/288490).

PS. i find it very funny when an anonymous person rants about another ;)

80b9edca1c11ec8118ab30451af9c1d492770c90

Posted Apr 15, 2011 12:38 UTC (Fri) by pyellman (guest, #4997) [Link]

4 minutes, wasted. You owe me.

80b9...

Posted Apr 15, 2011 17:49 UTC (Fri) by xorbe (guest, #3165) [Link]

Possibly, your effectiveness could increase with less abrasiveness.

80b9edca1c11ec8118ab30451af9c1d492770c90

Posted May 7, 2011 9:21 UTC (Sat) by nix (subscriber, #2304) [Link]

I wouldn't call PaXTeam anonymous. Just as PJ was, or our other resident annoyance Florian Mueller, his actions speak for him. Unlike Florian, he has code to speak for him as well, and I think put together this produces a fairly good picture of the sort of guy he is: a classic security geek, a skilled coder who produces results worth using, whose skill at spotting vulnerabilities has perhaps leaked into a paranoid and adversarial view of the real world. (Not all security geeks are like this, by any means: some are charming and helpful to all comers. For all I know PaXTeam is charming offline: there are several major free software personalities who are like that. But we must judge from the online persona we see.)

80b9edca1c11ec8118ab30451af9c1d492770c90

Posted Apr 15, 2011 17:47 UTC (Fri) by chad.netzer (subscriber, #4257) [Link]

You are entering a long, dark corridor... Beware.

I've previously advocated for interested parties to host a git repo which uses the "git notes" feature to amend commits with the security implications that are found for a commit (for those advocating such things). And perhaps someone has by now; the tools are there, at least in a crude form. If there is truly value in having that data in a repo, it should become popular w/ distros and vendors.
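
The "git notes" approach suggested in the comment above, sketched as an added example that is not part of the original thread or of any project's tooling. The notes ref name `security`, the throwaway repository, the commit message and the note text are all constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: attach security-impact annotations to existing commits
# with git notes, kept in a dedicated ref (refs/notes/security, a name
# chosen for this example) so the commits themselves are never rewritten.
NOTES_REF=security

# Identity used only for the throwaway demo repository.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# make_demo_repo DIR: create a repository holding one constructed "fix" commit.
make_demo_repo() {
    git init -q "$1" &&
    echo 'put_ref(obj);' > "$1/file.c" &&
    git -C "$1" add file.c &&
    git -C "$1" commit -q -m 'example: drop leaked reference on error path'
}

# annotate REPO COMMIT TEXT: append TEXT to the commit's security note.
annotate() {
    git -C "$1" notes --ref="$NOTES_REF" append -m "$3" "$2"
}

# security_note REPO COMMIT: print the note; non-zero exit if there is none.
security_note() {
    git -C "$1" notes --ref="$NOTES_REF" show "$2" 2>/dev/null
}

# annotated_commits REPO: list ids of commits that carry a security note.
# "git notes list" prints "<note object> <annotated object>" per line.
annotated_commits() {
    git -C "$1" notes --ref="$NOTES_REF" list 2>/dev/null | awk '{print $2}'
}

# Stand-alone demo: annotate HEAD, then show the commit with its note (%N).
repo=$(mktemp -d) && make_demo_repo "$repo" &&
annotate "$repo" HEAD 'Security impact: privilege escalation (constructed text)' &&
git -C "$repo" log -1 --notes="$NOTES_REF" --format='%h %s%n%N'
rm -rf "$repo"
```

Notes refs are not transferred by a default fetch or push, so a distro or vendor consuming such a repository has to fetch `refs/notes/security` explicitly.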

