Date: Mon, 2 Apr 2012 12:49:15 -0400 From: Richard Yao <ryao@cs.stonybrook.edu> To: Tom Evans <tevans.uk@googlemail.com> Cc: freebsd-stable@freebsd.org Subject: Re: Text relocations in kernel modules Message-ID: <4F79D88B.3040102@cs.stonybrook.edu> In-Reply-To: <CAFHbX1KiZx68MP4bCAvPc0Zui3fA4O35_z3kP781zoJqLYp7Bw@mail.gmail.com> References: <4F75E404.8000104@cs.stonybrook.edu> <4F75EF86.6090909@cs.stonybrook.edu> <20120330190713.GG2358@deviant.kiev.zoral.com.ua> <4F760C9E.6060405@cs.stonybrook.edu> <20120330194649.GH2358@deviant.kiev.zoral.com.ua> <4F761371.7020606@cs.stonybrook.edu> <20120330203605.GI2358@deviant.kiev.zoral.com.ua> <4F76350F.8000708@cs.stonybrook.edu> <20120330224631.GJ2358@deviant.kiev.zoral.com.ua> <4F7637F3.2060502@cs.stonybrook.edu> <CAGE5yCpuvsVrc-%2BDTVas-W4fjuP2s%2B6PQONMOTyEbGnj2CY3ig@mail.gmail.com> <4F766F29.2030803@cs.stonybrook.edu> <CAFHbX1KiZx68MP4bCAvPc0Zui3fA4O35_z3kP781zoJqLYp7Bw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--------------enig1E24C98EB82718245EB64EA0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 04/02/12 05:56, Tom Evans wrote: > On Sat, Mar 31, 2012 at 3:42 AM, Richard Yao <ryao@cs.stonybrook.edu> w= rote: >>> There are no security implications, no system resources to be wasted.= >>> >>> And if you think there are security implications, then lets see a >>> proof-of-concept. >> >> If I find time to write a proof-of-concept, I promise to publish it >> publicly. Your security team will find out when everyone else does. >=20 > Richard, I'm not sure what you are trying to accomplish here. You have > had a clear explanation of why certain things are done in a certain > way in the FreeBSD codebase, and a confirmation that they do not think > it causes any security issues in FreeBSD. >=20 > Your response is to threaten to write an exploit against FreeBSD, and > distribute it publicly before disclosing to security@. Some people believe that projects that do not take proper countermeasures against security vulnerabilities do not deserve to have special notification of issues. I happen to be one of them. > Are you trying to be an ass? Someone disagrees with you on the > internet, so you throw all the toys out the pram? I suggest that you look at things from my perspective. I asked a simple question on your mailing list. I then received several private emails from various FreeBSD developers insulting my intelligence for the act of asking a question. Who is the "ass" here? --------------enig1E24C98EB82718245EB64EA0 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPediQAAoJELFAT5FmjZuEY3cQAM+Gm+9I1L6vj9mJzkcBcA4m BC2qiFtHixpRz51JQXAxWYVUoBnAvagSD+258blDrBTV9BuPCvGPJ4QOgcnS1wGW vJsTJQeGV1B/C0jvLtJGZb5eGatgnwVn4gxp4eputZMY6eQRTltE0QNyOrxqGY+n NXLRcYsp4dADe11s6VsMWJH59rtjKjaEtQFkMhMs1zUOxoL3zbjPpRXyqz6q0e9+ XQyYq0r+7tcfwLEf4KQlV2Qq68Xwf65Pkj30Y7mpg/dzOx1hcZaC2EBMyWddVX5/ Cybr32MnDwS46NFI+alpJwh98z5T6n5mianhThlXZw4229j0qEJzX/M8ah7XZcfE UCZJlaNZdOUbr02zYB5JO+ttDh1fi1t8bJhZh1yW2I5j3fC2W1BW0jB/bE9o93aV yAnb9HVBWANXj/y9gqjpzgJZ1U/woLAcOcqPAoqGUy+Jb6IoLFDpu3ChIBlhMcO8 AAQUoQrf3LC34epQcWvVDVJxuX4bgUKbjQZ7Z8hXGTVbtZc8DTEtlIGhB2U+keqW b57sfA5wWuyLfE1sFSNfR4HE9O71xdyNqokvySb0NdXaKaj6dxEHBP2bmpiKc0GR tqior/ahftGq/8EcygiqhUUKHeeBhmnxZsRLYCPSN0Tg8YKSJU+1m83+r+bftnfP SdS7YHQbFQtkQj0s+LEr =z0/z -----END PGP SIGNATURE----- --------------enig1E24C98EB82718245EB64EA0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F79D88B.3040102>