
Re: [libreplanet-discuss] Article on GRSecurity, RMS, etc.


From: Shawn
Subject: Re: [libreplanet-discuss] Article on GRSecurity, RMS, etc.
Date: Tue, 28 Jun 2016 12:58:58 +0800

On Tue, Jun 28, 2016 at 12:51 AM, Adam Van Ymeren <adam.vany@gmail.com> wrote:
> On Mon, Jun 27, 2016 at 4:41 AM, Shawn <citypw@gmail.com> wrote:
>> I'm not an expert on GPL compliance. I personally don't see any GPL
>> violation in PaX/Grsecurity. Some embedded vendors pissed off
>> PaX/Grsecurity's authors last year, and then they decided the stable
>> patch was going to be customer-only, which means you could get the
>> source code once you paid. It's very fair to me, because they need to
>> spend time and hire people to do the regression testing to make their
>> customers' production systems as stable as possible. Fortunately, they
>> are still releasing test patches to the public. As a user and a security
>> consultant, the test patch is good enough to deal with most situations
>> I've met.
>
> From what I've read, it sounds like they are making customers sign
> NDAs, and/or threatening to cut them off if the customers share the
> source code for those patches with anyone.  This is clearly a violation
> of freedom 2
>
Well, about this part I can't speak for Spender and PaX team. IMOHO,
Spender doesn't care if you share the patch with those real FLOSS
hackers who know the importance of contributing back to the community.

> "The freedom to redistribute copies so you can help your neighbor (freedom 
> 2)."
>
IMOHO, Spender & PaX team never try to stop me from helping my "neighbors"
from the hardenedlinux community ;-)

> I'm not a lawyer or expert on the GPL.  The GPL may not protect
> against situations like this, but it clearly goes against the spirit
> of Free Software.
>
The FLOSS community has been benefiting from PaX/Grsecurity for more than
a decade. Most features of PaX/Grsecurity are/were ahead of the industry
and kernel upstream over the years, e.g.: the 1st non-executable bit was
implemented in PaX's SEGMEXEC back in 2000 and then Intel made it a
hardware bit (NX) in 2004; PaX released UDEREF around 2007, Intel's
SMEP/SMAP came 4--7 years later. Even other OSes have been learning
from PaX/Grsecurity's design and implementation:

http://hardenedlinux.org/images/pax_grsec_graph.jpg

We've been suffering for years from the Linux kernel's security philosophy
"a bug is a bug". KSPP emerged after the truth was disclosed to the
public:

http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/

KSPP is a good starting point and it has a long way to go.
Dude, we are very lucky to have PaX/Grsecurity because they are
willing to share their research. Maybe some people don't like
Spender's personal character...to be honest, I don't give a shit about
it. Cuz I don't have other options. If some big corps leeched your
research and made money from it, what would you do? As a security
consultant and a free software enthusiast (supporter of
FSF/FSFE/EFF/SFC for years), I can fully understand why PaX/Grsecurity
guys do this. IMOHO, PaX/Grsecurity is a friend of ours (FLOSS
community). BIGBROs/Exploit vendors/leeches are the real enemies.

>
>>
>> I'd say we are lucky to have brilliant FLOSS hackers like Spender and
>> PaX team in this era. Because of them, we have a very effective
>> solution for Linux kernel security, which compares to other core
>> infrastructures such as firmware or compiler. Even CHIPSEC and
>> reproducible builds are just a starting point somehow. It'd be a long
>> way to protect your digital freedom away from BIGBROs just like
>> PaX/Grsecurity in kernel field ;-)
>>
>> On Sun, Jun 5, 2016 at 12:58 PM,  <concernedfossdev@teknik.io> wrote:
>>> Soylent news published an article/discussion on GRSecurity, RMS, etc
>>> If you're interested it's here:
>>> https://soylentnews.org/article.pl?sid=16/06/02/214243
>>>
>>>>RMS Responds - GRsecurity is Preventing Others From Redistributing Source 
>>>>Code [UPDATED]
>>>
>>>
>>
>>
>>
>> --
>> GNU powered it...
>> GPL protect it...
>> God blessing it...
>>
>> regards
>> Shawn
>>



-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn


