Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]


pourlori@hushmail.com wrote:
...rehashed old crap...

Anyone can say, "I want a car that flies" or "I want a non-polluting 
power source".  There is no skill in this, by itself.

The first bit of magic is coming up with a demonstration doing it.

The next bit of magic is actually making it practical.

PaX is a marginal little demo.  How many Linux distributions include 
PaX? How many PaX Linux implementations have you seen in production?

SELinux is actually in a number of Linux distributions...however, 
active in how many systems you have seen in production?  Very few.

Why? Because they break things.  For the most part, things that are 
broke already, but things that people don't bother to fix.

OpenBSD implements their solutions across the board, on by default, and 
as Just Works as much as the programmers can manage.  You don't choose to 
use X^W, it's just there.  Propolice?  randomizing everything you can? 
It's just there.  When they were first implemented, it broke a lot of 
stuff.  It found bugs.  The bugs got fixed.  That's how it has to go.

There are very few revolutionary ideas in the world, just evolutions of 
previous ideas.  Belief in revolutions in the computer world generally 
shows an ignorance of history.  We don't stand on shoulders of giants, 
we see a little further by standing on their toes...  (and yes, that 
statement is a blatant rip-off of a blatant ripoff of ...)

The PaX and SELinux people have not finished the job.  Get it in a 
mainstream Linux distribution (or convince people to use your distro, 
kill off the non-adopters), on by default and no easy "off" knob.  Force 
people to fix things.  Not so you can say "we were first", but so you 
can say, "we made things better than they were".  All they are doing now 
is saying "things COULD be better than they are now, and we talked about 
it first".

"I was thinking of flying cars before you!  I even figured out we can 
put the propeller on the back so it doesn't obstruct the view!" 
Meanwhile, at the airport...

(totally ignored in this is the AT LEAST as important "make it as good 
as you can BEFORE you rely on the cool tricks to save your ass" strategy 
that I don't hear anyone else making claim to.  Let's not forget that 
OpenBSD had a well-deserved reputation for security BEFORE Propolice, 
stackghost, W^X, etc...)

Nick.

Messages in current thread:
Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.th ..., Nick Holland, (Tue Jun 22, 1:43 pm)