grsecurity forums

[PaX Team]

Pax Team, it is a philosphy comparable with making an axe and be surprised people uses it for wood cutting not children toy.

as it often happens in the world of computers, real life comparisons tend to fall on their face. in this particular case, PaX would be more like a particularly strong alloy that you can use to build an axe, not a complete ready-to-use tool per se. next try?

Such patches like grsecurity have no point besides production environment, people on their workstations don't need features grsecurity provides people

and so wrong you are... since the very first day of the existence of PaX (exactly 5.5 years ago, FWIW) it was meant to be used on end-user systems as well, to the extent that ever since i've been running it myself just to know what it is like (eating one's own cake or something). eventually others have followed suit and we began to work out all the little (or not so little) issues that arose. it's been a long process but the outcome of that work is that hardened gentoo users these days have the chance to run with full PaX (including NOELFRELOCS) and their choice of access control system. you can't build a comparably secure *and* usable desktop on the market, whether free software or commercial.

and the reason you want a secure desktop is because client side attacks are much more powerful and viable (even more so than they were 5 years ago).

We all appreciate non for profit effort but it requires attitude which actually fits to the idea of such software, otherwise you may just abandon the project because you are only wasting your precious time and start developing an MP3 player. Usually people starts non for profit initiatives to enjoy them, and for other people to share this joy, but you, instead of enjoying the fact your work has gained respect among sysadmins who do serious and responsible work and puts considerable amount of trust in this project, behave like we were some annoyance.

now that was a mouthful, wasn't it . i won't analyze it in detail as there're too many logical fallacies in it, i'd just like to ask you one (rhetorical) question: what if i don't enjoy supporting PaX on 2.6? chess-mate?

[Raf256]

Such patches like grsecurity has no point besides production enviroment, people on their workstations doesn't need features grsecurity provides people running production

Btw, I use grsecurity on desktop and find it usefull. Why not have system more immune?

[PaX Team]

It's actually the second time I see such a statement. The first was from Hans Reiser, about his ReiserFS filesystym, and was made after major problems with ReiserFS leading to data corruption were found in the code. It went essentially like: "yes, it's unstable, it will chew your data, but hey - you haven't paid a dime for it so what are you expecting? If you want your data back, pay me and I'll restore it for you." I've never used this FS since then. Guess I wasn't the only one to make this decission.

and what does the reiserfs situation have to do with grsecurity? nothing.

You've managed to completely miss my point (not only you, as a matter of fact).

i didn't miss your point at all, it's just that it has been discussed before, so i only added what wasn't said already. for the most recent discussion see the thread at http://grsecurity.net/pipermail/grsecurity/2006-January/000655.html.

[Platyna]

Dear Pax Team, I didn't even bothered to read further throught all that hostility and sarcasm, since it is a weapon of the weak and antisocial. ;)
Anyway I have get used to the fact most of good software is written by rude and small peni...erm...ego ones, so it is not surprise for me. All I can do is to wish grsecurity that attitude will not cause any harm to the project, because it is a piece of good code, unfortunately very much dependent of kernel releases.

Regards.

[Dwokfur]

Pax Team, it is a philosphy comparable with making an axe and be surprised people uses it for wood cutting not children toy.

as it often happens in the world of computers, real life comparisons tend to fall on their face. in this particular case, PaX would be more like a particularly strong alloy that you can use to build an axe, not a complete ready-to-use tool per se. next try?

Such patches like grsecurity have no point besides production environment, people on their workstations don't need features grsecurity provides people

and so wrong you are... since the very first day of the existence of PaX (exactly 5.5 years ago, FWIW) it was meant to be used on end-user systems as well, to the extent that ever since i've been running it myself just to know what it is like (eating one's own cake or something). eventually others have followed suit and we began to work out all the little (or not so little) issues that arose. it's been a long process but the outcome of that work is that hardened gentoo users these days have the chance to run with full PaX (including NOELFRELOCS) and their choice of access control system. you can't build a comparably secure *and* usable desktop on the market, whether free software or commercial.

and the reason you want a secure desktop is because client side attacks are much more powerful and viable (even more so than they were 5 years ago).

To Platyna's suprise: on my desktop and my laptop I run grsecurity enabled hardened gentoo.
Thanks to PaXTeam, pipacs, Spender, Solar and all others. Please keep up, guys.

Regards,
Dw.

[brant]

Rather than wank about the toil of others, why not contribute with the development effort and/or donate to the cause?

[emostar]

Rather than wank about the toil of others, why not contribute with the development effort and/or donate to the cause?

Then the remaining question is... how does one help out with development, other than testing?

[PaX Team]

Rather than wank about the toil of others, why not contribute with the development effort and/or donate to the cause?

Then the remaining question is... how does one help out with development, other than testing?

how about writing HOWTOs/documentation and policies for various apps/distros/etc? i'm sure there's need for such and it's just as important part of development as the code itself (that is, if we expect people other than ourselves to use it .

[Hal9000]

It takes a worthless feminist woman (read: most women) to drag out the penis jokes. I see what the apostle Paul was getting at when he warned against marraige; why volunteer to feed and clothe she who will be an enemy in your own house?

You have to get used to the fact that good anything is created by men... untill ofcourse your woman's world outlaws _this_ form of "discrimination" too (damn those men, doing those "hobbies").

Have some respect for the men who make fine security software, woman. It isn't easy and one slipup means a hole.

this thread is degenerating...

[Platyna]

mikeeusa, let me guess, you never had a woman because all of them were running away while seeing your sweated, pink manga t-shirt, right?

Very sorry, couldn't resist .

And about those bragging of using grsec for desktop machines: The fact I may use 128 CPU HP Integrity (and I would if I was bloody rich) for a desktop doesn't mean it has a point or is main purpose of HP Integrity. Duh!

Anyway the thread has gone into Pax Team's attitude while some people are trying to push it into feminism and general flamewar. Sorry Spender. ;)

Regards.

[FTC]

<sarcasm>
It's really nice to see the appreciation of some users for this excellent free piece of software. Developed on free time.
</sarcasm>

I'd like to thank all those involved in grsec development.

After reading thise post and some others on this forums (I've just registered, but I've been tracking this forums for a long time now), I think that it'd be a good indea to post a sticky explaining "when the next version of grsecurity will be available".

I think that it'd avoid threads like this (at least, most of the time).

Just my $0.02.

Again, many thanks for grsecurity. Keep up the good work!

FTC