Re: [openbsd] fwd: [deraadt <at> cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-27 Thread pourlori
Haters please go off-list, identity is not relevant on a discussion list, I do not need attention nor personal implication. I'd be delighted to speak about privacy and stuff with my detractors, off-list. SELinux is another debate, I don't want to waste your time with it. Thanks for your participat

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-24 Thread Henning Brauer
* pourl...@hushmail.com [2010-06-22 21:31]: > Their official explanation sorry, but we have vacancies in our PR department, expect no "official" explanations anytime soon -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-24 Thread Jacob Yocom-Piatt
pourl...@hushmail.com wrote: There will always be OpenBSD haters, I want to be able to have a constructive, fact based discussion with them. If someone HAS valuable information, they can reply directly, without replying to misc. Thank you. fact: you are some douchebag who is late to

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-24 Thread Marco Peereboom
The PaX guys got their panties in a knot because they wanted credit for being first or something which they can have all day long. The OpenBSD code was developed in oblivion to PaX. So that guy still has an axe to grind because he wants something out of it. Not sure what though. I'll declare hi

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-24 Thread Andres Genovez
2010/6/24 STeve Andre' > > On Thursday 24 June 2010 12:52:35 pourl...@hushmail.com wrote: > > On Tue, 22 Jun 2010 21:39:10 +0200 Aaron Glenn > > > > wrote: > > >On Tue, Jun 22, 2010 at 7:26 PM, wrote: > > >> I do not wish to begin a troll-like thread, I just want the > > > > > >truth. > > > > >

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-24 Thread STeve Andre'
On Thursday 24 June 2010 12:52:35 pourl...@hushmail.com wrote: > On Tue, 22 Jun 2010 21:39:10 +0200 Aaron Glenn > > wrote: > >On Tue, Jun 22, 2010 at 7:26 PM, wrote: > >> I do not wish to begin a troll-like thread, I just want the > > > >truth. > > > >yes you do; no you don't. > >no one cares; p

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-24 Thread pourlori
On Tue, 22 Jun 2010 21:39:10 +0200 Aaron Glenn wrote: >On Tue, Jun 22, 2010 at 7:26 PM, wrote: >> >> I do not wish to begin a troll-like thread, I just want the >truth. > >yes you do; no you don't. >no one cares; please go away. You are wrong, if you are unable to reply properly to my request

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-22 Thread Nick Holland
pourl...@hushmail.com wrote: ...rehashed old crap... Anyone can say, "I want a car that flies" or "I want a non-polluting power source". There is no skill in this, by itself. The first bit of magic is coming up with a demonstration doing it. The next bit of magic is actually making it practi

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-22 Thread E.T
Quote from theo : - " our kernels have no bugs " On Tue, 22 Jun 2010 21:26:18 +0200, pourl...@hushmail.com wrote: > Hello misc, > > I was wondering if these accusations against OpenBSD were true, > I doubt he is lying, maybe he is just not telling the whole truth. > > http://www.uaoug.org.ua/

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-22 Thread Aaron Glenn
On Tue, Jun 22, 2010 at 7:26 PM, wrote: > > I do not wish to begin a troll-like thread, I just want the truth. yes you do; no you don't. no one cares; please go away.

Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-22 Thread pourlori
Hello misc, I was wondering if these accusations against OpenBSD were true, I doubt he is lying, maybe he is just not telling the whole truth. http://www.uaoug.org.ua/archive/msg01088.html The first part is irrelevant, Linux may have implemented the sysctl switch before OpenBSD. However, thei

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-09 Thread Steve Shockley
On 11/9/2009 11:38 AM, Dale Rahn wrote: I would love to see a decent (cortex based?) arm laptop/netbook. But this one isn't: 64MB ram, 800x480 resolution, unmentioned arm processor at unmentioned MHz, WindowsCE instead of linux? There's also no evidence of its existence on the manufacturer's w

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-09 Thread Dale Rahn
On Mon, Nov 09, 2009 at 08:59:55PM +0100, Martin Schr?der wrote: > 2009/11/9 Laurens Vets : > > Tbh, I was just replying to Dale's comment: "I would love to see a decent > > (cortex based?) arm laptop/netbook." > > Anybody tried porting OBSD to the Nokia N800++? > I wanted to try at one point in

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-09 Thread Martin Schröder
2009/11/9 Laurens Vets : > Tbh, I was just replying to Dale's comment: "I would love to see a decent > (cortex based?) arm laptop/netbook." Anybody tried porting OBSD to the Nokia N800++? Best Martin

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-09 Thread Laurens Vets
Ted Unangst wrote: On Mon, Nov 9, 2009 at 12:40 PM, Laurens Vets wrote: Dale Rahn wrote: But this one isn't: 64MB ram, 800x480 resolution, unmentioned arm processor at unmentioned MHz, WindowsCE instead of linux? The Always Innovating Touch Book maybe? http://www.alwaysinnovating.com/home/in

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-09 Thread Luke Seubert
Dave Wilson wrote: Toni Mueller wrote: It's not like I was in love with x86/amd64, but it's *really*hard* to go for something else. Further to this, if anyone is aware of any non-x86/x64 machines which are of similar bang-for-buck as off-the-shelf PCs, I for one would be *very* interested to k

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-09 Thread Ted Unangst
On Mon, Nov 9, 2009 at 12:40 PM, Laurens Vets wrote: > Dale Rahn wrote: >> But this one isn't: 64MB ram, 800x480 resolution, unmentioned arm >> processor >> at unmentioned MHz, WindowsCE instead of linux? > > The Always Innovating Touch Book maybe? > > http://www.alwaysinnovating.com/home/index.ht

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-09 Thread Laurens Vets
Dale Rahn wrote: On Sun, Nov 08, 2009 at 11:19:39PM -0500, Steve Shockley wrote: On 11/8/2009 1:17 PM, Dave Wilson wrote: An ARM laptop would be especially win :-) http://www.6ave.com/shop/Product.aspx?sku=VSLVL760-4GB Was on sale recently for $150 shipped. No clue if it sucks. I would lov

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-09 Thread Dale Rahn
On Sun, Nov 08, 2009 at 11:19:39PM -0500, Steve Shockley wrote: > On 11/8/2009 1:17 PM, Dave Wilson wrote: > >An ARM laptop would be especially win :-) > > http://www.6ave.com/shop/Product.aspx?sku=VSLVL760-4GB > > Was on sale recently for $150 shipped. No clue if it sucks. > I would love to se

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-08 Thread Steve Shockley
On 11/8/2009 1:17 PM, Dave Wilson wrote: An ARM laptop would be especially win :-) http://www.6ave.com/shop/Product.aspx?sku=VSLVL760-4GB Was on sale recently for $150 shipped. No clue if it sucks.

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-08 Thread Tomáš Bodžár
Then here it is http://www.alwaysinnovating.com/touchbook/ On Sun, Nov 8, 2009 at 7:17 PM, Dave Wilson wrote: > Toni Mueller wrote: >> >> now you only need to educate "us" about how such machines can be used >> in an economic fashion. >> >> Blaming people for not running PDA cpus for core routers

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-08 Thread Dave Wilson
Toni Mueller wrote: > > now you only need to educate "us" about how such machines can be used > in an economic fashion. > > Blaming people for not running PDA cpus for core routers or not > shelling out $40k for Niagara machines (supported by OpenBSD???) when > these are even outperformed by $4k

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-08 Thread Toni Mueller
Hi, On Fri, 06.11.2009 at 13:41:13 +0200, Lars Nooden wrote: > Unless you aren't running shit-for-architecture x86 systems still. > It is 2009 and there are sparc, mips, freescale and arm on the market. now you only need to educate "us" about how such machines can be used in an economic fashion

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-07 Thread SJP Lists
2009/11/5 Justin Smith : > "By default, Ubuntu 8.04 and later with a non-zero > /proc/sys/vm/mmap_min_addr setting were not vulnerable." > > Ubuntu 8.04 released in 2008 april. They've moved on from this then... http://ubuntuforums.org/showthread.php?t=143334

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-05 Thread ropers
2009/11/5 Tobias Ulmer : > Dear sweetheart, > > On Thu, Nov 05, 2009 at 01:12:58AM +0100, Claire beuserie wrote: >> Yes, I know, I was present in the room when Illja gave the talk in 2006 at >> the CCC Kongress and the two OpenBSD developers in the room decided to >> completely ignore the exploit h

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Tobias Ulmer
Dear sweetheart, On Thu, Nov 05, 2009 at 01:12:58AM +0100, Claire beuserie wrote: > Yes, I know, I was present in the room when Illja gave the talk in 2006 at > the CCC Kongress and the two OpenBSD developers in the room decided to > completely ignore the exploit he showed until Miod reproduced it

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Tomáš Bodžár
Ok to add more idiotic ideas to debate about Linux/MS and interoperability and so on why not add this one? http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2620&blogid= 14 EU Wants to Re-define bClosedb as bNearly Openb '.While there is a correlation between openness

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Egon E. Braun Filho
On Wed, 4 Nov 2009 13:46:26 +1100 Aaron Mason wrote: > Wine is a good idea, but it's stifling an even better idea - making > applications compatible across multiple OSes, something that hasn't > needed to be done in the M$ world because of the stranglehold they > had/have over the consumer market

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Egon E. Braun Filho
On Wed, 4 Nov 2009 13:46:26 +1100 Aaron Mason wrote: > Wine is a good idea, but it's stifling an even better idea - making > applications compatible across multiple OSes, something that hasn't > needed to be done in the M$ world because of the stranglehold they > had/have over the consumer market

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Donald Allen
On Wed, Nov 4, 2009 at 1:48 PM, Henry Sieff wrote: > On Wed, Nov 4, 2009 at 5:18 AM, Donald Allen wrote: > > [SNIP] > >> I realize that I'm preaching to the choir -- you know all this. But I >> think it's a mistake for (especially) the OpenBSD community to speak >> of OpenBSD as just about securi

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Henry Sieff
On Wed, Nov 4, 2009 at 5:18 AM, Donald Allen wrote: [SNIP] > I realize that I'm preaching to the choir -- you know all this. But I > think it's a mistake for (especially) the OpenBSD community to speak > of OpenBSD as just about security, when it's so much more than that. I think I would rephra

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Tom Van Looy
Matthias Kilian wrote: > And if you install something like wine, the knob is set back to 0, > probably without any notice (at least in ubuntu-8.10). That can explain why it's off on my system (karmic koala). By the way, this is from the debian wiki: Debian 5.0.3 ships with a default mmap_min_add

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Tom Van Looy
Ross Cameron wrote: > Actually no it was turned on. This is from the commit to the Linux kernel: "The amount of space protected is indicated by the new proc tunable proc/sys/vm/mmap_min_addr and defaults to 0, preserving existing behavior." It was turned off, 0 means no protection.

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Marco Peereboom
And it is totally on on *all* 90239490234873984 distros right? On Wed, Nov 04, 2009 at 06:43:14PM +0200, Ross Cameron wrote: > On Wed, Nov 4, 2009 at 5:54 PM, Theo de Raadt > wrote: > >> > For the record, this particular problem was resolved in OpenBSD a > >> while back, in 2008. > >> > >> Nice,

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Jacob Meuser
On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote: > On Wed, Nov 4, 2009 at 4:14 PM, Todd T. Fries wrote: > > Penned by Justin Smith on 20091104 15:45.33, we have: > > | Theo wrote: > > | > > | > For the record, this particular problem was resolved in OpenBSD a > > | while back, in 2008

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Matthias Kilian
On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote: > > And now we get into the fun stuff. > > > > Ever heard of 'secure by default' ? > > > > This knob is set to '0' by default. > > > > How many Linux installations actually read the above paragraph, understood > > what value it could hav

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Ross Cameron
On Wed, Nov 4, 2009 at 5:54 PM, Theo de Raadt wrote: >> > For the record, this particular problem was resolved in OpenBSD a >> while back, in 2008. >> >> Nice, but: >> >> "Since 2.6.23, it has been possible to prevent applications from >> mapping low pages (to prevent null pointer dereferencing in

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Ted Unangst
On Wed, Nov 4, 2009 at 10:55 AM, Justin Smith wrote: > "By default, Ubuntu 8.04 and later with a non-zero > /proc/sys/vm/mmap_min_addr setting were not vulnerable." > > Ubuntu 8.04 released in 2008 april. Ubuntu 8 also ships with a setuid pulseaudio by default, which renders the mmap_min_addr pro

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Stefan Wollny
> -Urspr|ngliche Nachricht- > Von: "Donald Allen" > Gesendet: 04.11.09 14:23:04 > An: misc@openbsd.org > Betreff: Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ ... > I realize that I'm preaching to the choir -- you know all t

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Justin Smith
On Wed, Nov 4, 2009 at 4:14 PM, Todd T. Fries wrote: > Penned by Justin Smith on 20091104 15:45.33, we have: > | Theo wrote: > | > | > For the record, this particular problem was resolved in OpenBSD a > | while back, in 2008. > | > | Nice, but: > | > | "Since 2.6.23, it has been possible to preven

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Theo de Raadt
> > For the record, this particular problem was resolved in OpenBSD a > while back, in 2008. > > Nice, but: > > "Since 2.6.23, it has been possible to prevent applications from > mapping low pages (to prevent null pointer dereferencing in the > kernel) via the /proc/sys/vm/mmap_min_addr sysctl, w

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Todd T. Fries
Penned by Justin Smith on 20091104 15:45.33, we have: | Theo wrote: | | > For the record, this particular problem was resolved in OpenBSD a | while back, in 2008. | | Nice, but: | | "Since 2.6.23, it has been possible to prevent applications from | mapping low pages (to prevent null pointer dere

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Jacob Yocom-Piatt
Otto Moerbeek wrote: On Wed, Nov 04, 2009 at 03:45:33PM +0100, Justin Smith wrote: Theo wrote: For the record, this particular problem was resolved in OpenBSD a while back, in 2008. Nice, but: "Since 2.6.23, it has been possible to prevent applications from mapping low pages

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Otto Moerbeek
On Wed, Nov 04, 2009 at 03:45:33PM +0100, Justin Smith wrote: > Theo wrote: > > > For the record, this particular problem was resolved in OpenBSD a > while back, in 2008. > > Nice, but: > > "Since 2.6.23, it has been possible to prevent applications from > mapping low pages (to prevent null poi

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Justin Smith
Theo wrote: > For the record, this particular problem was resolved in OpenBSD a while back, in 2008. Nice, but: "Since 2.6.23, it has been possible to prevent applications from mapping low pages (to prevent null pointer dereferencing in the kernel) via the /proc/sys/vm/mmap_min_addr sysctl, whic

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Donald Allen
On Wed, 4 Nov 2009 at 1:46 PM, Aaron Mason wrote: >On Wed, Nov 4, 2009 at 1:04 PM, Gonzalo Lionel Rodriguez > wrote: >> 2009/11/3 Claire beuserie : >>> Hi, >>> >>> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt >> wrote: >>> 2) At least three of our developers were aware of this exploitation

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Otto Moerbeek
On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote: > Hi, > > On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt wrote: > > > 2) At least three of our developers were aware of this exploitation > > method going back perhaps two years before than the commit, but we > > gnashed our te

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread Artur Grabowski
Claire beuserie writes: > That came out a bit weird: are you saying you knew about the bug for 2 years > but did not fix it? Yes. Because the solution sucks. And all others we tried were just not workable. Just like we knew that executable stacks can be used for exploits and didn't fix that for

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-04 Thread ropers
>From http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ : > or desktop environments such as Wine For some definitions of "desktop environments".

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Bob Beck
2009/11/3 Gilles Chehade : > On Tue, Nov 03, 2009 at 04:58:25PM -0700, Theo de Raadt wrote: >> [bcc'd to Dan Goodin @ theregister] >> >> If anyone wants a choice quote from me about the recent Linux holes, >> this is what I have to say: >> >> Linus is too busy thinking about masturabating monke

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Theo de Raadt
> Theo de Raadt wrote: > >http://article.gmane.org/gmane.linux.kernel/706950 > > > > > > > I replaced Linux around '01 or '02 with OpenBSD both at companies I've > worked for since and at home. I don't really care what other people use > for their needs, and I've been neutral in my opinio

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Scott McEachern
Theo de Raadt wrote: http://article.gmane.org/gmane.linux.kernel/706950 I replaced Linux around '01 or '02 with OpenBSD both at companies I've worked for since and at home. I don't really care what other people use for their needs, and I've been neutral in my opinion about Torvalds and

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Aaron Mason
On Wed, Nov 4, 2009 at 1:04 PM, Gonzalo Lionel Rodriguez wrote: > 2009/11/3 Claire beuserie : >> Hi, >> >> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt > wrote: >> >>> 2) At least three of our developers were aware of this exploitation >>> method going back perhaps two years before than the co

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Cor
My interpretation is that yes, they identified it as a possibility, but due to limitations of the Intel platform, there wasn't an obvious, clean, "correct" way to fix it. I don't think this is a "primary" exploit, however. You would have to have a buffer overflow or something in some other ap

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Tobias Ulmer
On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote: > Hi, > > On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt wrote: > > > 2) At least three of our developers were aware of this exploitation > > method going back perhaps two years before than the commit, but we > > gnashed our tee

http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Theo de Raadt
[bcc'd to Dan Goodin @ theregister] If anyone wants a choice quote from me about the recent Linux holes, this is what I have to say: Linus is too busy thinking about masturabating monkeys, he doesn't have time to care about Linux security. For the record, this particular problem was reso

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Gilles Chehade
On Tue, Nov 03, 2009 at 04:58:25PM -0700, Theo de Raadt wrote: > [bcc'd to Dan Goodin @ theregister] > > If anyone wants a choice quote from me about the recent Linux holes, > this is what I have to say: > > Linus is too busy thinking about masturabating monkeys, he doesn't > have time to

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Gonzalo Lionel Rodriguez
2009/11/3 Claire beuserie : > Hi, > > On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt wrote: > >> 2) At least three of our developers were aware of this exploitation >> method going back perhaps two years before than the commit, but we >> gnashed our teeth a lot to try to find other solutions.

Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Claire beuserie
Hi, On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt wrote: > 2) At least three of our developers were aware of this exploitation > method going back perhaps two years before than the commit, but we > gnashed our teeth a lot to try to find other solutions. Clever > cpu architectures don't ha