Trying to get STACKLEAK into the kernel
Posted Sep 14, 2018 10:23 UTC (Fri) by
Lionel_Debroux (subscriber, #30014)
In reply to:
Trying to get STACKLEAK into the kernel by josh
Parent article:
Trying to get STACKLEAK into the kernel
As long as the PaX and grsecurity patchsets were publicly downloadable at no extra cost (beyond some form of Internet connection, that is), until April 2017:
- about community support: they did have a loyal following of users aware of the insecurity of mainline kernels, and willing to go through limited extra pain (especially after multiple large distros gained linux-grsec packages, at the cost of slightly reduced security because it nullifies RANDSTRUCT) to use more secure kernels than the default.
Unfortunately, too many people trust words by Linus and friends more than words by the real security experts PaXTeam and spender. Many people - including subsystem and driver maintainers - didn't even bother to dig deeper into the huge security benefits of PaX / grsecurity + the hundreds of small, scattered bugfixes relevant to subsystem maintainers + the many additional stable backports (see Twitter thread about hundreds more patches being backported in grsecurity than in mainline) relevant to, well, pretty much everyone not trying to run mainline kernels all the time, i.e. lots of users. Instead of making their informed opinion by themselves, some of these people based their decisions on hearsay...
The insecurity of mainline kernels is technically alleviable, as shown by PaX / grsecurity, but politically unfixable as shown by Linus rejecting some useful features and watering others down - as reported in this article and other earlier articles.
- about supporting their business model: I can agree with that part of your post. It's a fact that the corporate customers, and community supporters, paying spender's company used not to be enough for PaXTeam + spender to be able to work on PaX / grsecurity near-full-time (assuming they wished to be able to do that anyway - I simply don't know). Most people just used the free version even in professional setups, few of them contributed money.
The KSPP made their business model even more unsustainable by creating more work for them by integrating buggy, watered down derivatives of outdated versions of small PaX / grsecurity subsets: PaXTeam and spender had to fix conflicts, debug issues, review mainline changes which often turned out to be more bugs than fixes they should reintegrate.
- good reporting, facts and sunlight: it's not clear to me how good reporting / facts / sunlight would be real enemies to PaX/grsecurity. If "reporters" pretend to provide good information, based on facts, and shine some sunlight, then they have no choice but to point out the large feature set. I found the earlier version clearer, with its single table full of ticks for grsecurity and missing features for mainline, but it was less detailed.
Maybe on the communication style front, as spender's style is known to be abrasive? Sure, but then Linus' style is also well documented as repeatedly offensive, turning some developers away from the kernel community (see multiple posts in the sub-thread above the sub-thread I started - I'll add a mention of Sarah Sharp, who created the USB 3 stack in Linux, making Linux the first kernel with decent USB 3 support). Good reporting needs to point that out too.
The defamation suit? Indeed, that wasn't a step in the right direction, and definitely earned them negative publicity... But Bruce Perens contributing negative things against a technically unmatched product - from a relatively famous and supposedly trusted person, that other people can use to justify more FUD against grsecurity - might not have been a smart thing to do for the progress of mankind. There would have been no reason to file a suit against him without that trigger.
Now that they only provide the PaX and grsecurity patchsets behind a paywall accessible only to corporations (AFAIK):
- they have lost their community of individual users, obviously;
- however, they have gained customers (more logos on their web page, at least, but...), so the state of the world does support their business model to some extent, at least better than it used to when nearly everyone was free-riding. The defamation suit probably alienated some potential customers, but the increased visibility might have unexpected benefits, who knows.
- no change on good reporting, facts and sunlight: they obviously need to mention the defamation suit and the abrasiveness, but they also have to mention the technical advantages of the product, the severe systemic insecurity of the product it is based on, and the toxicity of mainline development, starting with Linus' abrasiveness.
TL;DR: I tried to imagine what you meant in multiple areas, but I partially failed. Are you willing to give more details on what you meant? :)