Re: OT: Re: FYA: http://heartbleed.com/
On Thu, 10 Apr 2014 03:44:26 +, Ralph W Siegler wrote: > Stuart Henderson spacehopper.org> writes: > > >> On 2014-04-09, sven falempin gmail.com> wrote: >> > i which this : https://polarssl.org was open and inside the base >> >> You can wish, but that is commercial+GPL code so OpenBSD can't use it >> in base. > > What I would wish for is the OpenSSH project to expand to become the > OpenSSH/SSL project. I'll take a 'correct and slow' transport layer > security over 'fast and bypassing my OS's memory protection features' > transport layer security any day. Such a scope would seem to be within > the purview of securing communications. Dang, I got my wish with the LibreSSL project! Another donation coming up!
Re: OT: Re: FYA: http://heartbleed.com/
On Wed, Apr 9, 2014 at 10:25 PM, Theo de Raadt wrote: > > The problem with that as I see it is that people will complain about > > not being able to donate to a specific subset of the project. As > > with OpenSSH in the past and probably present. The same way many > > complained before the foundation existed about paying Theo's power > > bill and humble salary. [...] > > A correction is due here. > > My salary is only a sub-set of the CD sales. That is a result of the > bi-annual release engineering. > > In years past, the CD revenue beyond my salary was used to fund > hackathons, network, and the electricity. That decreased as time went > by. Until there was little left. > > Then the Foundation came along. > > So, regarding your paragraph: donations were not for my salary. > Sorry if I wasn't clear. I kind of muddled the two together. I do understand that. It's why I stated 'before the foundation existed'. If my memory serves me it was a point of contention that cd sales and whatever meager direct donations went into a big pot, most of which is for what you described, the rest for you and that it wasn't tax deductible. If I can manage to be clear for a change, I always thought it was a bullshit attitude but seems to be a reality. People who donate only because they get tax breaks are pricks. Maybe I'm off base and it's not worth the time to pander to those folks. Ignoring the masses is one of the things that make this project great. I'll stop beating this bike shed colored horse now. Thank you all for your hard work and dedication. I'll be able to make a donation at the end of this month and will. --noah
Re: OT: Re: FYA: http://heartbleed.com/
> The problem with that as I see it is that people will complain about > not being able to donate to a specific subset of the project. As > with OpenSSH in the past and probably present. The same way many > complained before the foundation existed about paying Theo's power > bill and humble salary. [...] A correction is due here. My salary is only a sub-set of the CD sales. That is a result of the bi-annual release engineering. In years past, the CD revenue beyond my salary was used to fund hackathons, network, and the electricity. That decreased as time went by. Until there was little left. Then the Foundation came along. So, regarding your paragraph: donations were not for my salary.
Re: OT: Re: FYA: http://heartbleed.com/
On Wed, Apr 9, 2014 at 8:44 PM, Ralph W Siegler wrote: > Stuart Henderson spacehopper.org> writes: > > > > > On 2014-04-09, sven falempin gmail.com> wrote: > > > i which this : https://polarssl.org was open and inside the base > > > > You can wish, but that is commercial+GPL code so OpenBSD can't use it in > base. > > What I would wish for is the OpenSSH project to expand to become the > OpenSSH/SSL project. I'll take a 'correct and slow' transport layer > security over 'fast and bypassing my OS's memory protection features' > transport layer security any day. Such a scope would seem to be within > the > purview of securing communications. > > So Theo's message in the other thread about openssh and the foundation imho is the right approach. Not that my opinion matters. Point out what secure, fundamentally important software billions of people rely on every second of every day and don't pay a dime for. Step up and donate, I'm sure everybody here agrees. The problem with that as I see it is that people will complain about not being able to donate to a specific subset of the project. As with OpenSSH in the past and probably present. The same way many complained before the foundation existed about paying Theo's power bill and humble salary. I shouldn't say problem, couldn't think of better language, just that there may be an opportunity here. I disagree with that attitude completely but in this case would it be such a bad idea to make an appeal to the broader community and seek funding for just this? I guess my point is, people are worked up about this and everybody knows you guy's are the ones to fix it, even if they whine about their hurt feelings. -noah
Re: OT: Re: FYA: http://heartbleed.com/
Stuart Henderson spacehopper.org> writes: > > On 2014-04-09, sven falempin gmail.com> wrote: > > i which this : https://polarssl.org was open and inside the base > > You can wish, but that is commercial+GPL code so OpenBSD can't use it in base. What I would wish for is the OpenSSH project to expand to become the OpenSSH/SSL project. I'll take a 'correct and slow' transport layer security over 'fast and bypassing my OS's memory protection features' transport layer security any day. Such a scope would seem to be within the purview of securing communications.
Re: OT: Re: FYA: http://heartbleed.com/
On 2014-04-09, sven falempin wrote: > i which this : https://polarssl.org was open and inside the base You can wish, but that is commercial+GPL code so OpenBSD can't use it in base. https://en.wikipedia.org/wiki/Secure_Transport#Overview Though I wonder how many OpenSSL premium support customers' worth of annual fees it would take to persuade them to relicense.
Re: OT: Re: FYA: http://heartbleed.com/
On Tue, Apr 8, 2014 at 9:05 PM, noah pugsley wrote: > On Tue, Apr 8, 2014 at 12:40 PM, Theo de Raadt >wrote: > > > > On Tue, Apr 08, 2014 at 15:09, Mike Small wrote: > > > > nobody writes: > > > > > > > >> "read overrun, so ASLR won't save you" > > > > > > > > What if malloc's "G" option were turned on? You know, assuming the > > > > subset of the worlds' programs you use is good enough to run with > that. > > > > > > No. OpenSSL has exploit mitigation countermeasures to make sure it's > > > exploitable. > > > > What Ted is saying may sound like a joke... > > > > So years ago we added exploit mitigations counter measures to libc > > malloc and mmap, so that a variety of bugs can be exposed. Such > > memory accesses will cause an immediate crash, or even a core dump, > > then the bug can be analyed, and fixed forever. > > > > Some other debugging toolkits get them too. To a large extent these > > come with almost no performance cost. > > > > But around that time OpenSSL adds a wrapper around malloc & free so > > that the library will cache memory on it's own, and not free it to the > > protective malloc. > > > > You can find the comment in their sources ... > > > > #ifndef OPENSSL_NO_BUF_FREELISTS > > /* On some platforms, malloc() performance is bad enough that you can't > > just > > > > > > OH, because SOME platforms have slow performance, it means even if you > > build protective technology into malloc() and free(), it will be > > ineffective. On ALL PLATFORMS, because that option is the default, > > and Ted's tests show you can't turn it off because they haven't tested > > without it in ages. > > > > So then a bug shows up which leaks the content of memory mishandled by > > that layer. If the memoory had been properly returned via free, it > > would likely have been handed to munmap, and triggered a daemon crash > > instead of leaking your keys. > > > > OpenSSL is not developed by a responsible team. > > > > > > > Perhaps it's a great time to kickstart an OpenOpenSSL replacement, a la > bgpd, ospfd, smtpd et al? Now, I don't have the skills or the guts, but I > do have $5 on it. Anybody else? > > i which this : https://polarssl.org was open and inside the base -- - () ascii ribbon campaign - against html e-mail /\
OT: Re: FYA: http://heartbleed.com/
On Tue, Apr 8, 2014 at 12:40 PM, Theo de Raadt wrote: > > On Tue, Apr 08, 2014 at 15:09, Mike Small wrote: > > > nobody writes: > > > > > >> "read overrun, so ASLR won't save you" > > > > > > What if malloc's "G" option were turned on? You know, assuming the > > > subset of the worlds' programs you use is good enough to run with that. > > > > No. OpenSSL has exploit mitigation countermeasures to make sure it's > > exploitable. > > What Ted is saying may sound like a joke... > > So years ago we added exploit mitigations counter measures to libc > malloc and mmap, so that a variety of bugs can be exposed. Such > memory accesses will cause an immediate crash, or even a core dump, > then the bug can be analyed, and fixed forever. > > Some other debugging toolkits get them too. To a large extent these > come with almost no performance cost. > > But around that time OpenSSL adds a wrapper around malloc & free so > that the library will cache memory on it's own, and not free it to the > protective malloc. > > You can find the comment in their sources ... > > #ifndef OPENSSL_NO_BUF_FREELISTS > /* On some platforms, malloc() performance is bad enough that you can't > just > > > OH, because SOME platforms have slow performance, it means even if you > build protective technology into malloc() and free(), it will be > ineffective. On ALL PLATFORMS, because that option is the default, > and Ted's tests show you can't turn it off because they haven't tested > without it in ages. > > So then a bug shows up which leaks the content of memory mishandled by > that layer. If the memoory had been properly returned via free, it > would likely have been handed to munmap, and triggered a daemon crash > instead of leaking your keys. > > OpenSSL is not developed by a responsible team. > > > Perhaps it's a great time to kickstart an OpenOpenSSL replacement, a la bgpd, ospfd, smtpd et al? Now, I don't have the skills or the guts, but I do have $5 on it. Anybody else?
