
State of the Kernel Self Protection Project

Posted Sep 1, 2016 12:32 UTC (Thu) by jake (editor, #205)
In reply to: State of the Kernel Self Protection Project by spender
Parent article: State of the Kernel Self Protection Project

Sorry you didn't like the article (and, evidently, the project), Brad, but this:

> it's merely a paraphrasing of Kees' slides but given a deceiving disinterested
> third-person spin.

is simply nonsense. I am reporting on a talk that Kees gave, for which he used the slides, so *Kees* paraphrased his slides and I reported on that. I am not a disinterested person (there's a reason I attended the Security Summit after all), so I certainly didn't try to spin things that way, nor do I see this supposed spin in the article. I am always open to criticism of my writing so that I can improve, but this is not useful in that regard.

jake



State of the Kernel Self Protection Project

Posted Sep 1, 2016 17:47 UTC (Thu) by chirlu (guest, #89906) [Link]

Just an idea, “disinterested” may not have meant “bored” here, but “neutral” (i.e. without a personal interest, without “a horse in the race”).

State of the Kernel Self Protection Project

Posted Sep 2, 2016 0:03 UTC (Fri) by jschrod (subscriber, #1646) [Link]

Jake, no problem at all. We understand what you did. And you did a good job, we're grateful for it.

spender just wanted to demonstrate publicly why the kernel folks don't want to work with him, that's all. Film at 11.

State of the Kernel Self Protection Project

Posted Sep 2, 2016 2:16 UTC (Fri) by spender (guest, #23067) [Link] (1 responses)

My standards may be too high, but in my mind reporting != repeating verbatim what a particular person said, regardless of the facts. To repeat that "numerous protection features were added" to Linux 4.6 for instance, when that had already been thoroughly debunked here: https://forums.grsecurity.net/viewtopic.php?f=7&t=4476

There is not a whiff of critical thinking present here, it doesn't offer anything that isn't already present in the slides themselves (except, as I mentioned, to bestow a false impartiality to the evaluation of the KSPP as a success).

People come here to be informed and learn something, right? Or is it just to reinforce myths for yes-men?

-Brad

State of the Kernel Self Protection Project

Posted Sep 2, 2016 5:40 UTC (Fri) by karkhaz (subscriber, #99844) [Link]

> My standards may be too high, but in my mind reporting != repeating verbatim what a particular person said

Opinionated, analytical pieces are just one kind of reporting. Sometimes describing the facts without embellishment really is what is called for---for example, when reporting on conference talks. There do exist much more analytical articles on LWN, but this isn't one of them; I don't think it was intended to be. It would be a disservice both to conference speakers and to us readers if the LWN staff added their own editorial salt and pepper when reporting on conference talks, don't you think? The LWN staff do occasionally get opinionated when writing proper editorial pieces that are not based on talks, but I think embellishing other people's talks could get somewhat dangerous. LWN is the only place where most of us get any coverage of these talks, so I'd rather read a neutral summary and make my own mind up about the speaker; and maybe read a proper opinion-piece about the broader issues afterward.

> To repeat that "numerous protection features were added" to Linux 4.6 for instance
> There is not a whiff of critical thinking present here

The whole article is repeating stuff, without thinking too hard about it, that's kind of the point; that's made quite clear by the liberal sprinklings of "Cook said..." throughout the article. You have totally valid reasons for finding some of the claims to be lacking in merit, but they are Cook's claims and I think that it's very unfair to be flaming the messenger about them.

> Another nice PR piece for the KSPP
> It's merely a paraphrasing of Kees' slides but given a deceiving disinterested third-person spin

I don't think that Jake was trying to imbue Cook's talk with any special air of legitimacy by affecting a disinterested (neutral) tone, and especially not pushing an agenda. Cook is surely pushing KSPP's agenda, which may or may not be a questionable one, and it's reasonable to discuss that. But this article cannot be said to be a PR piece; it reported on the talk in an impartial way, and again I think it's unfair to accuse the author of partiality.

State of the Kernel Self Protection Project

Posted Sep 3, 2016 14:11 UTC (Sat) by spender (guest, #23067) [Link] (20 responses)

So let's assume that this article isn't a PR piece and would still totally exist if you weren't funded by the Linux Foundation to attend the conference.

Say I were to fund you to attend Black Hat this year where there were two presentations on generic KASLR defeats (the second not even really being new, it was already blogged about in 2014). I didn't see any articles on here about any of those talks (to actually educate others, here are the slides: https://www.blackhat.com/docs/us-16/materials/us-16-Fogh-... https://www.blackhat.com/docs/us-16/materials/us-16-Jang-...). Would you finally report on that in the same way that you delude your readers into thinking KASLR is useful by repeating slides from Kees' talk?

Just to make it interesting, I'm publicly making that a standing offer for next year for you Jake, at any real security conference that has a presentation relevant to Linux kernel security. If I happen to see one, I'll reach out to you. If you happen to see one, feel free to email me at spender@grsecurity.net and we'll set it up.

-Brad

State of the Kernel Self Protection Project

Posted Sep 5, 2016 16:17 UTC (Mon) by jake (editor, #205) [Link] (19 responses)

> Would you finally report on that in the same way that you delude your readers
> into thinking KASLR is useful by repeating slides from Kees' talk?

I know KASLR is a hot-button issue for you, Brad, but I think you might want to reread the article (and slides) again. I mention some architectures got the feature and that it will be expanded on x86_64 soon ... that's it ...

so exactly what am I deluding readers into believing? (or, in truth, is Kees deluding listeners in the talk?)

I will go read those papers, though, thanks for the pointer ... I am always happy to get pointers of that sort in email if you (or others) see things you think we should be covering.

I have attended Black Hat once in the past ... an interesting conference to be sure, though the hype levels can only have gotten worse, sadly. I'm open to attending it again or to go to some other security conference of interest down the road, as my schedule permits.

We are certainly open to your offer and would accept travel sponsorship money from grsecurity (or you), with credit given as with others and just as much editorial control on what gets written as others (i.e. none). Thanks!

jake

State of the Kernel Self Protection Project

Posted Sep 5, 2016 17:37 UTC (Mon) by spender (guest, #23067) [Link] (15 responses)

Hi Jake,

Thanks for agreeing to my experiment. What I hope to demonstrate is that even without any kind of editorial control on behalf of the sponsor, LWN's reporting style basically enables sponsors to obtain "free" PR simply by having LWN repeat verbatim whatever a presenter has said, without consideration of any other facts the LWN staff may be aware of at the time. I'll note that my past LSS talk wasn't covered by LWN when the Linux Foundation wasn't sponsoring travel for it. Imagine if we were able to sponsor travel for more presentations than the Linux Foundation -- that would certainly weight the perception of viewpoints the biggest sponsor wants to achieve. Of course, if you were to not report on the security presentations in the same way as these from the Linux Foundation (by interjecting editorial comments), that would be an important bias to expose as well.

Not to mention that this report is a bit more unethical than even what I describe above, as the work itself is funded by the Linux Foundation (a trade association that operates in the interests of its commercial members), and on top of that the Linux Foundation is sponsoring you to report on it. That would be like us paying you to write about grsecurity positively by covering someone's positive talk on grsecurity. I won't ask you to do that as part of this experiment even if that would be a more apples to apples comparison to prove the point.

Totally in agreement about Black Hat being overhyped, but then so too is the presentation you covered :)

-Brad

State of the Kernel Self Protection Project

Posted Sep 5, 2016 17:53 UTC (Mon) by nix (subscriber, #2304) [Link]

> LWN's reporting style basically enables sponsors to obtain "free" PR simply by having LWN repeat verbatim whatever a presenter has said, without consideration of any other facts the LWN staff may be aware of at the time.

So, you're saying that if LWN had noted that, say, this entire project existed purely because the kernel developers cannot work with you in particular (well, you and a few other anonymous people) which neatly explains why it is gatekeeping, oh sorry "ripping off" your work into the kernel, which is indeed another fact the LWN staff are demonstrably aware of, that you would have not attacked them straight out of the gate for saying that?

I don't believe you.

(I note that you have in the past attacked the kernel people for not accepting your work: yet here you attack them for doing the opposite, simply because the contribution of changes is coming through an intermediary. Is the real problem that they're not willing to accept your work without review, changes, or alterations of any kind whatsoever? Well, duh, you're not going to be treated like that because nobody is in any free software project worth its salt.)

State of the Kernel Self Protection Project

Posted Sep 5, 2016 18:29 UTC (Mon) by jake (editor, #205) [Link] (13 responses)

> LWN's reporting style basically enables sponsors to obtain "free" PR simply by
> having LWN repeat verbatim whatever a presenter has said, without consideration
> of any other facts the LWN staff may be aware of at the time.

gosh Brad I really don't think you get what we try to do with conference coverage ... we try to accurately reflect what the speaker said, so that we don't put words in their mouth ... if they make an outlandish claim (which happens rarely and did not happen here), we may point to something that contradicts their statement.

In other kinds of articles, we do try (and sometimes even succeed) to get multiple viewpoints into the mix. For example: https://lwn.net/Articles/546686/ ... though it appears to gall you, our sources tend to be public postings on the development mailing lists of interest. The fact that you rarely participate in lkml and similar lists makes it harder to get your thoughts and complaints reflected. You seem to believe there is some grand conspiracy to omit your efforts, but that simply isn't the case -- it is simply a consequence of where we can focus our limited attention. Had the folks who have published the KASLR breakage recently posted to lkml (or similar), I might have noticed and already written about them. I realize you find our efforts not to be up to your journalistic standards, but I think we do pretty well within the limits we have. ymmv ...

In addition, I think you aren't seeing the big picture here ... the LF did *not* ask me to do anything ... cover LCNA, ContainerCon, LSS, or anything else. I applied for travel money to go to Toronto -- writing anything at all was kind of implied, but not required at *all* ... In addition, I am planning to write up LSS in its entirety -- Julia's and Kees's talks were just the first two chronologically ... more is coming, plenty of which has no particular LF connection at all ... I'm sorry you find me to be terribly unethical, but I think I am pretty transparent about what I am trying to do here ...

Unlike you, though, I do see KSPP as a success ... getting any of the mitigations, most of which have come from grsecurity/PaX, upstream is a success, however funded ... those mitigations were *demonstrably* not going upstream until recently and KSPP is a big reason why that's changed.

jake

State of the Kernel Self Protection Project

Posted Sep 12, 2016 14:24 UTC (Mon) by PaXTeam (guest, #24616) [Link] (12 responses)

> I do see KSPP as a success ... getting any of the mitigations [...] upstream is a success, however funded

Jake,

i've sat on this one because quite frankly, the level of cruelty and arrogance that you displayed here left me speechless for a (long) moment. i'd like to believe that you're better than this and haven't inadvertently become full corporate shills so i hope that you will realize the judgement error you made.

let's review some facts before coming to the conclusion, shall we? i've been working on PaX *entirely* on my free time, that is, there's not a single line of code in PaX that was paid for by somebody. out of the last 16 years i spent over a decade in unemployment to make the necessary amount of free time available for the research and development of the world class defenses in PaX. my estimate is that i must have spent upwards of 15k hours of my free time on PaX already.

and what do i get in exchange here from you and some other even more clueless readers? you're basically making demands on me to spend thousands of hours more of my free time on upstreaming my code or else i will be called names and even be *blamed* for not pushing my code upstream. this is insanity, not any sort of success you're cheering about so much, unless of course you're happy about the hobbyist linux developers going away and getting replaced by corporations and their self-congratulating employees. the ends justify the means, don't they?

State of the Kernel Self Protection Project

Posted Sep 12, 2016 15:01 UTC (Mon) by pizza (subscriber, #46) [Link] (10 responses)

> let's review some facts before coming to the conclusion, shall we?

Oooh, yes, let's.

Fact -- Stuff that has been upstreamed is infinitely more useful to general end-users than the stuff that hasn't.
Fact -- You've stated that as-is, PaX is not suitable for upstream and requires a lot of work to do so
Fact -- You've stated that you're not willing to upstream anything.
Fact -- You're complaining that someone else is willing to upstream selected bits or re-implement some of the ideas.

Oh, one more thing:

> there's not a single line of code in PaX that was paid for by somebody. out of the last 16 years i spent over a decade in unemployment to make the necessary amount of free time [...]

Fact -- Your work on PaX has been largely subsidized by other people. Unless you're claiming that you haven't been supported by taxpayers or a spouse/family during this decade of no income?

Conclusions?

If your goal is to repeatedly demonstrate why nobody wants to work with you, you're succeeding admirably.

State of the Kernel Self Protection Project

Posted Sep 12, 2016 15:35 UTC (Mon) by PaXTeam (guest, #24616) [Link] (9 responses)

> Fact -- Stuff that has been upstreamed is infinitely more useful to general end-users than the stuff that hasn't.

what does this have to do with people making demands on my own free time? it's also wrong since being upstream != enabled.

> Fact -- You've stated that as-is, PaX is not suitable for upstream and requires a lot of work to do so

nope, what i said was there were parts of PaX that were implemented to minimize my efforts of maintenance which may or may not be what an upstreamable implementation would look like. ironically, some of the stuff that got upstreamed is evidence of upstream devs not realizing this fact.

> Fact -- You've stated that you're not willing to upstream anything.

not on my free time, correct.

> Fact -- You're complaining that someone else is willing to upstream selected bits or re-implement some of the ideas.

wrong, you should probably read and understand what you're replying to. my complaint is that people make *more* demands on my free time and have the guts to blame me when i refuse to do their bidding.

> Fact -- Your work on PaX has been largely subsidized by other people.

got a proof of that fact or shall we call it what it is, a baseless speculation?

> Unless you're claiming that you haven't been supported by taxpayers or a spouse/family during this decade of no income?

it's not really your business but no, that's not what happened, it was all my own savings.

> Conclusions?

your 'facts' speak for yourself quite well i think: thank you for demonstrating what clueless arrogance looks like to the outside world. yes, that's a fact ;).

State of the Kernel Self Protection Project

Posted Sep 12, 2016 16:18 UTC (Mon) by pizza (subscriber, #46) [Link] (8 responses)

> you're basically making demands on me to spend thousands of hours more of my free time on upstreaming my code

I shouldn't have to point out that something requiring "thousands of hours" to upstream, is, by definition, not something that is currently suitable for upstreaming.

> it's not really your business but no, that's not what happened, it was all my own savings.

Fair enough, I retract my statement to that effect. (I have to say that blowing a decade's worth of savings on a vanity project strikes me as being a rather unwise investment, but it's your time and money to do with what you will)

However, I stand by the rest -- You're saying that you're not willing to put forth the effort to upstream things because it's a lot of work, while simultaneously complaining about those who do, and the efforts to document that ongoing work.

If nothing else, it's incredibly boneheaded PR, but I doubt I'm the only one who reads what you write and concludes that your public attitude demonstrates why you have such long bouts of unemployment.

But hey, it's your time, money, and life. Have at it, you answer only to yourself, and thus only have yourself to blame for the outcome.

State of the Kernel Self Protection Project

Posted Sep 12, 2016 17:22 UTC (Mon) by PaXTeam (guest, #24616) [Link] (4 responses)

> I shouldn't have to point out that something requiring "thousands of hours" to upstream, is, by definition, not something that is currently suitable for upstreaming.

you're wrong, there're many features in the kernel that i'm sure required even more time to get in shape (e.g., -rt, file systems, etc), second, this estimate isn't for a single particular feature but the ones i've heard people express an interest for.

> on a vanity project...

... that fundamentally influenced the entire industry to the point that you've been running code implementing my ideas for over a decade now. as for (not) being an investment, i'm not sure you realize but you're arguing against yourself and saying that i should have asked money from the get go (e.g., via patents, etc) instead of keeping it as a hobby that i gave away for free (gratis, in addition to libre).

> You're saying that you're not willing to put forth the effort to upstream things because it's a lot of work,

no, that's not what i'm saying. let me quote myself back, perhaps it'll sink the second time: not on my free time.

> while simultaneously complaining about those who do, and the efforts to document that ongoing work.

wait, are you saying that i should stop having an opinion just because it happens to be about my own code?

State of the Kernel Self Protection Project

Posted Sep 12, 2016 17:53 UTC (Mon) by pizza (subscriber, #46) [Link] (3 responses)

> wait, are you saying that i should stop having an opinion just because it happens to be about my own code?

As the saying goes, "Opinions are like a**holes. Everybody's got one and everyone thinks everyone else's stinks."

State of the Kernel Self Protection Project

Posted Sep 13, 2016 10:25 UTC (Tue) by sdalley (subscriber, #18550) [Link] (2 responses)

pizza, such remarks are unworthy of you.

The opinion of one who has, by the sweat of his brow, produced good working code, (for example, code in wide use by those who care about robust security-hardened kernels), will always be worth a lot more than the opinions of those who snipe from the sidelines.

Any of us would find continual criticism demoralizing. Why not try constructive praise?

State of the Kernel Self Protection Project

Posted Sep 13, 2016 11:35 UTC (Tue) by jubal (subscriber, #67202) [Link] (1 responses)

> The opinion of one who has, by the sweat of his brow, produced good working code, (for example, code in wide use by those who care about robust security-hardened kernels), will always be worth a lot more than the opinions of those who snipe from the sidelines.

Perhaps you should address this to the lovely and gentle folks of the PaX fame when they again decide that it's time to talk down the whole kernel community. You might also want to remind them, that they are not the sole authors of the whole kernel, and their contribution, useful and needed as it is, is by far and large not the most important.

State of the Kernel Self Protection Project

Posted Sep 13, 2016 12:49 UTC (Tue) by PaXTeam (guest, #24616) [Link]

jubal, in general, if you have something to tell us/me, you can always address us/me directly.

> Perhaps you should address this to the lovely and gentle folks of the PaX fame when they again decide
> that it's time to talk down the whole kernel community.

first of all, you're trying to judge characters based on a very small sample of interactions which i guess speaks volumes more about yourself, than us. hint: we've worked with various kernel and other developers just fine for as long as our projects existed. you can find the evidence on lkml, bugzillas, distro lists, etc. as far as i recall, the only topic that ended up in flamewars was about high level policy decisions (about the handling of security related issues), which represents a small fraction of the interaction of all participating sides.

as for 'talking down' the whole kernel community, it's of course nonsense (present the evidence if you think otherwise). we did and do criticize people who we find do something stupid and we don't mince words about that either, not unlike certain kernel (and non-kernel) developers by the way. you just have to learn to deal with it.

> You might also want to remind them, that they are not the sole authors of the whole kernel, and their contribution,
> useful and needed as it is, is by far and large not the most important.

and why do we need to be reminded of this again? or was it just a strawman?

State of the Kernel Self Protection Project

Posted Sep 13, 2016 9:23 UTC (Tue) by paulj (subscriber, #341) [Link] (2 responses)

Not every technically capable person is adept at soft skills.

Maybe PaXTeam hasn't done the right things to secure funding. Maybe they're not capable of it. However, doesn't the fact we're discussing the work of a paid group to unpick PaXTeam's code and upstream suggest that it might be a good idea to also fund PaXTeam too?

State of the Kernel Self Protection Project

Posted Sep 13, 2016 12:40 UTC (Tue) by rahulsundaram (subscriber, #21946) [Link] (1 responses)

> However, doesn't the fact we're discussing the work of a paid group to unpick PaXTeam's code and upstream suggest that it might be a good idea to also fund PaXTeam too?

A commercial organization is far more likely to fund developers who have a history of pushing code upstream and are not antagonistic with that community of developers. Linux kernel developers have historically not been very welcoming to contributions that harden the kernel and omitting info on vulnerabilities they know about, so it isn't surprising to see that has been a constant source of friction but here we are now.

State of the Kernel Self Protection Project

Posted Sep 13, 2016 16:09 UTC (Tue) by paulj (subscriber, #341) [Link]

Well, of course. However, that doesn't change the fact that in an ideal world some way would be found to fund the developer who did the core work despite that, given that those unpicking that work are being paid.

State of the Kernel Self Protection Project

Posted Sep 13, 2016 20:15 UTC (Tue) by flussence (guest, #85566) [Link]

> you're basically making demands on me

No he isn't. The rest of your words have a similarly loose grip on reality.

State of the Kernel Self Protection Project

Posted Sep 5, 2016 17:56 UTC (Mon) by spender (guest, #23067) [Link] (2 responses)

Regarding KASLR and the article/slides, I read them just fine. What matters here (and where the spin occurs) is not in what's said, but in what isn't. That KASLR is being extended is just more cargo cult security and a distraction. What won't ever be mentioned is that there are generic local defeats circulating in public that none of these extensions deal with whatsoever. It's a way to avoid admitting it's a nonsense mitigation to begin with, if attackers even in the most strict sandboxes can defeat it. Upstream won't do anything to deal with it either likely because it's not clear if anything can be done about it. KSPP wants the image of security progress, so you can't expect Kees to admit the uselessness of KASLR in his talk, nor could you expect him to announce himself KSPP is bumbling along, when he needs to give the impression that it's a successful effort in order to attract more free work for the Linux Foundation.

-Brad

State of the Kernel Self Protection Project

Posted Sep 10, 2016 11:21 UTC (Sat) by spender (guest, #23067) [Link] (1 responses)

Hot off the presses, another KASLR bypass:

> We implement our attacks on a real system with Haswell CPU and recent Linux kernel and show that kernel-level ASLR can be recovered in about 60 milliseconds.

http://www.cs.binghamton.edu/~dima/micro16.pdf

-Brad

State of the Kernel Self Protection Project

Posted Sep 10, 2016 11:31 UTC (Sat) by tao (subscriber, #17563) [Link]

Ahhhh, Schadenfreude, sweet Schadenfreude.

