From owner-freebsd-stable@FreeBSD.ORG Mon Apr 2 17:12:53 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 17C1E106566B for ; Mon, 2 Apr 2012 17:12:53 +0000 (UTC) (envelope-from lattera@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id C25558FC14 for ; Mon, 2 Apr 2012 17:12:52 +0000 (UTC) Received: by obbwc18 with SMTP id wc18so5269324obb.13 for ; Mon, 02 Apr 2012 10:12:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=249n+T3mKEkQSwcFXfkDBAbjYrDpis2c5TyduzsGsdI=; b=QaId8U3IRm9C52osrfinaEpjcfa7zBarFG/2ZGX4HH0ZYGAq5xA27dJyK++2RQyMmP EOljoWPLBvCsY39BQONEwC/68TSRPcVah/tua3SaYQnr7N8v13cgTk4L0KqMIcJ05gmT 0X+5QVTPoa+d1wJDn6zu69shbBA/8frtX+8JxCyu10TMdo+34fjxIljzObvhE+eXMSrk mw8d7HjlK0VpiKwMttP9tQDCAzETCxm8hrQiEKpv2l+U7w8nPMHtOGkBSkNrTKO6iwwN asoqgbQBkxSCsBCD45dYbkRbj6g3UF3Kq5CwhRD29neyGltSWxASnZYRaxmGn8FgCWch /Ycw== MIME-Version: 1.0 Received: by 10.182.48.36 with SMTP id i4mr13553084obn.72.1333386772149; Mon, 02 Apr 2012 10:12:52 -0700 (PDT) Received: by 10.182.19.161 with HTTP; Mon, 2 Apr 2012 10:12:52 -0700 (PDT) Received: by 10.182.19.161 with HTTP; Mon, 2 Apr 2012 10:12:52 -0700 (PDT) In-Reply-To: <4F79D88B.3040102@cs.stonybrook.edu> References: <4F75E404.8000104@cs.stonybrook.edu> <4F75EF86.6090909@cs.stonybrook.edu> <20120330190713.GG2358@deviant.kiev.zoral.com.ua> <4F760C9E.6060405@cs.stonybrook.edu> <20120330194649.GH2358@deviant.kiev.zoral.com.ua> <4F761371.7020606@cs.stonybrook.edu> <20120330203605.GI2358@deviant.kiev.zoral.com.ua> <4F76350F.8000708@cs.stonybrook.edu> <20120330224631.GJ2358@deviant.kiev.zoral.com.ua> <4F7637F3.2060502@cs.stonybrook.edu> <4F766F29.2030803@cs.stonybrook.edu> <4F79D88B.3040102@cs.stonybrook.edu> Date: Mon, 2 Apr 2012 11:12:52 -0600 Message-ID: From: Shawn Webb To: Richard Yao Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Tom Evans , freebsd-stable@freebsd.org Subject: Re: Text relocations in kernel modules X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Apr 2012 17:12:53 -0000 Let's all calm down here. No need to make this personal. Let's please try to keep this conversation professional and respectful to all parties involved. Richard, I suggest that if you think the current implementation is less secure than other implementations, you could write a patch and submit it upstream. I'm sure that the FreeBSD security team would love any patches that enhance security. Granted, you might have to present a strong case for a patch of this nature to be accepted upstream, but I'm sure you will learn a lot about FreeBSD and others (like me) who maintain modified FreeBSD codebases would benefit from such a patch. I might be interested to help you develop this patch if you decide to take it on. Thanks, Shawn Sent from my Android 4.0 device. Please forgive any spelling or grammatical errors. On Apr 2, 2012 10:53 AM, "Richard Yao" wrote: > On 04/02/12 05:56, Tom Evans wrote: > > On Sat, Mar 31, 2012 at 3:42 AM, Richard Yao > wrote: > >>> There are no security implications, no system resources to be wasted. > >>> > >>> And if you think there are security implications, then lets see a > >>> proof-of-concept. > >> > >> If I find time to write a proof-of-concept, I promise to publish it > >> publicly. Your security team will find out when everyone else does. > > > > Richard, I'm not sure what you are trying to accomplish here. You have > > had a clear explanation of why certain things are done in a certain > > way in the FreeBSD codebase, and a confirmation that they do not think > > it causes any security issues in FreeBSD. > > > > Your response is to threaten to write an exploit against FreeBSD, and > > distribute it publicly before disclosing to security@. > > Some people believe that projects that do not take proper > countermeasures against security vulnerabilities do not deserve to have > special notification of issues. I happen to be one of them. > > > Are you trying to be an ass? Someone disagrees with you on the > > internet, so you throw all the toys out the pram? > > I suggest that you look at things from my perspective. I asked a simple > question on your mailing list. I then received several private emails > from various FreeBSD developers insulting my intelligence for the act of > asking a question. Who is the "ass" here? > >