Re: [Full-Disclosure] Talk in #grsecurity

[Joshua Brindle <method@xxxxxxxxxx>]

Dave Aitel wrote:

> Joshua Brindle wrote:
>
> |
> | So I ask grsecurity fans, why would you run the software of someone
> |  no better than the people trying to crack your machine? This is
> | not responsible behaviour and shows a clear disregard for security
> | and safety of others.
> |
>
> Whatever. It shows a clear disregard for people using half-solutions
> which don't work. This is normal behavior. The fact is that grsecurity
> is a hundred times better then the alternatives - and anyone using the
> alternatives has made some sort of comprimise that leaves them open to
> attack, and probably already knows it.
>
> -dave

It isn't in the best interest of anyone aside from himself. If he knows 
about an execsheild vulnerability and is waiting for it to get installed 
a few thousand machines before releasing it he is being malicious. 
Fedora users didn't choose execshield, Redhat chose it, and it isn't 
their fault. One could argue that it's their fault for installing Fedora 
but clearly they don't know any better if this vulnerability hasn't been 
released. This is totally irresponsible and is basically an ego booster 
and way of supporting grsec by causing problems to otherwise innocent 
users. If you really think this is helping anyone then you might want to 
step back and look at the situation again.

Spender is not a security professional, he's a backhat plain and simple. 
This is *not* how a responsible, mature whitehat would act. Waiting for 
an opportune time to release an exploit is playing bad politics and if 
you wish to participate in that shady behaviour be my guest but I 
suspect there are other people here that might not be so trusting of 
spender now.

Also, this is a call to spender to put up or STFU, his little fiasco 
about cokers selinux demo machine being cracked was absolutely unfounded 
, there is no evidence and the person he claimed did it said that he did 
no such thing. Spender talks alot of crap about other projects, claims 
that there are bugs in their code, etc. This, again, is the behaviour of 
an antisocial child, not a security professional.

Joshua Brindle

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html