Date: Sat, 24 Jun 2017 09:46:12 -0700 From: Linus Torvalds <torvalds@...ux-foundation.org> To: Brad Spengler <spender@...ecurity.net> Cc: oss-security@...ts.openwall.com, Pax Team <pageexec@...email.hu> Subject: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method On Sat, Jun 24, 2017 at 8:15 AM, Brad Spengler <spender@...ecurity.net> wrote: > > So Linus, you called the patches garbage when someone asked how we fixed the heap > stack gap issue 7 years ago when you failed to. Can you provide any technical details > demonstrating why that fix is garbage, I didn't call "that fix" garbage. I called the grsecurity patches garbage. Why? They aren't split up, there has never been any effort by you to make them palatable to upstream, and when somebody else *dioes* try to make them palatable to upstream, you start crying about how people are taking advantage of your work (hah), and try to make them private instead. So tell me, why shouldn't I consider them garbage? They are. It's literally less work for people to re-implement things than look at your mixed-up patches, and YOU SEEM TO BE DOING THAT ON PURPOSE. Now, prove *me* wrong. Start trying to integrate your work upstream, and send individual patches with commit logs that can be integrated. > Put up or shut up, for once. Indeed, Brad. Linus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.