
Dirty COW and clean commit messages


Posted Oct 22, 2016 18:19 UTC (Sat) by PaXTeam (guest, #24616)
In reply to: Dirty COW and clean commit messages by flussence
Parent article: Dirty COW and clean commit messages

> Since we're on the subject of tortuous security circus analogies, and you're here.

and i lost you about here too. can you write up your thoughts in a somewhat more coherent way that mere mortals can make sense of as well?



Dirty COW and clean commit messages

Posted Oct 24, 2016 9:41 UTC (Mon) by FLHerne (guest, #105373) [Link] (3 responses)

I assume this is about the Twitter thing a few months ago, where whoever controls @grsecurity tried to suppress a bug far more explicitly than the upstream kernel ever has.

Someone tweeted "How to panic a current @grsecurity kernel as any user: $ script /dev/null </dev/zero (seriously, WTF)" and you:
- Blocked his account.
- Blocked his IP from your website.
- Blocked the accounts (and IPs?) of anyone else mentioning the bug, or the blocking.
- Removed @grsecurity and all its past tweets.

Naturally, the Streisand effect put it all over the Internet.

With that in recent memory, your complaint that _upstream_ handles security bugs poorly -- while IMO entirely true -- seems rather hypocritical.

Dirty COW and clean commit messages

Posted Oct 24, 2016 10:49 UTC (Mon) by PaXTeam (guest, #24616) [Link] (2 responses)

> [...]@grsecurity tried to suppress a bug far more explicitly than the upstream kernel ever has.

i see, so let's do some fact checking then. the bugreport is here: https://forums.grsecurity.net/viewtopic.php?f=3&t=4342 and you tell me what was suppressed there.

> and you:[...]

sorry to burst your bubble, but i didn't do any of that, it was spender's doing and he was simply cleaning up the trash (minus the IP banning which was obviously useless). as for the triggering tweet for all that shitstorm, it wasn't the one you cited (that was merely poking fun at him, or rather, us, considering it was my bug to begin with, not spender's) but the later outright *lies* that marcan spread. that had to be countered and it was, quite successfully in fact (he even came on IRC to explain himself and failed at it, perhaps someone who logged the channel can share it with the rest of us). he's still so upset that i exposed him as a liar that he's been trying to 'get even' ever since, last time he tried to sabotage the upstreaming of gcc plugins by fake licensing 'concerns' that too failed.

> With that in recent memory, your complaint that _upstream_ handles security bugs poorly -- while IMO entirely true -- seems rather hypocritical.

what's hypocritical in 1. acknowledging the bug, 2. describing its nature, 3. fixing it without lying about it? if we had failed at any of those steps then you'd have a point but as the facts show, we didn't.

Dirty COW and clean commit messages

Posted Oct 26, 2016 22:08 UTC (Wed) by nix (subscriber, #2304) [Link] (1 responses)

> sorry to burst your bubble, but i didn't do any of that, it was spender's doing and he was simply cleaning up the trash (minus the IP banning which was obviously useless)

*BOGGLE*. I don't see how anyone can seriously characterize a mass of account blocking and deletion as 'cleaning up the trash'. It was utterly obviously a panicky cover-up to anyone older than the age of five. (And anyone over the age of ten could predict its inevitable failure.)

Dirty COW and clean commit messages

Posted Oct 27, 2016 17:41 UTC (Thu) by Arach (guest, #58847) [Link]

> It was utterly obviously a panicky cover-up

No sht, Sherlock. That's why the original bug report is still on the forum. And that's why spender stopped posting on twitter. Because all about it was a cover-up, obviously.

