grsecurity forums

(...)For this and other reasons, PaX will be terminated on 1st April, 2005, a fitting date... (...)

It was with great surprise that I read the announcement by the PaX team. Your work has been no less than amazing, and for that I can't thank you enough. In a period where many vendors seem to take security lightly, deploying half-assed solutions like DEP and ExecShield, you have managed to make a difference by showing that you truly care about security.

So ok... You've found a major vulnerabilty in the code, I can't honestly believe that you'll leave such a great project for that reason, mistakes happen, moreover the code is provided as is, no guarantees, you don't owe anything to anyone. And to be honest, now I trust you even more. After the last advisory, you've showed that you really really care...

But well, I'm aware that my words won't make you change your mind. I just want to thank you, one last time, for this excellent project.

Best of luck,
JP

darko wrote:(...)For this and other reasons, PaX will be terminated on 1st April, 2005, a fitting date... (...)

It was with great surprise that I read the announcement by the PaX team. Your work has been no less than amazing, and for that I can't thank you enough. In a period where many vendors seem to take security lightly, deploying half-assed solutions like DEP and ExecShield, you have managed to make a difference by showing that you truly care about security.

So ok... You've found a major vulnerabilty in the code, I can't honestly believe that you'll leave such a great project for that reason, mistakes happen, moreover the code is provided as is, no guarantees, you don't owe anything to anyone. And to be honest, now I trust you even more. After the last advisory, you've showed that you really really care...

But well, I'm aware that my words won't make you change your mind. I just want to thank you, one last time, for this excellent project.

What the hell? What is this?

Where did you get that information? I can't believe it! This must be a very bad 1st April joke...

mikeeusa wrote:Is it true?

yes, although given the lack of offers for future maintenance, i don't yet know what to do, it's not what i expected for sure and may very well force me to find some other solution. we'll see at the end of the month.

PaX Team wrote:

mikeeusa wrote:Is it true?

yes, although given the lack of offers for future maintenance, i don't yet know what to do, it's not what i expected for sure and may very well force me to find some other solution. we'll see at the end of the month.

Today is 3/30, is the PaX will be terminated?

Is this some sick ass April fools joke? --it's not even April yet!
Everyone fscks up. At least you didn't fsck up like OpenBSD ...January of this year, a flaw was found in their tcp stack--if a packet with a malformed timestamp was sent, it'd crash that sob. ....Now that's a fsck up.

A side note... if I'm on a Linux without grsec, I feel uneasy-- like something is missing. I know GRSEC isn't the cure-all, but it's a damn good precautionary measure. Don't let your fans down :\

Did anyone knows the status of this now?

Skywind wrote:Did anyone knows the status of this now?

i do , since noone took over the project in the end, i'll do minimal maintenance on 2.2 and 2.4. the fate of the 2.6 version is in question, i definitely won't be following every release.

doesn't not using SEGMEXEC or RANDEXEC solve (workaround) the vulnerability or am I way off here?

ixion wrote:doesn't not using SEGMEXEC or RANDEXEC solve (workaround) the vulnerability or am I way off here?

it does but why not use the fixed versions instead?

PaX Team wrote:

ixion wrote:doesn't not using SEGMEXEC or RANDEXEC solve (workaround) the vulnerability or am I way off here?

it does but why not use the fixed versions instead?

terribly sorry, I didn't realize it was fixed.. I should've researched a bit more..

cheers!