Re: Nested Function Patches
Yoshinori K. Okuji
Tue, 10 Jan 2006 17:14:33 +0100
On Monday 09 January 2006 07:13 pm, Peter Jones wrote:
> There's no FUD here. The grub project *has* chosen to ignore the
> implications of this, and you continue to do so.
As I said, I don't take your claim seriously until you show a good reason. This
is not ignoring but rejecting.
> This is just plain insulting; I've sent you numerous patches for various
> things and tried, on several occasions fairly successfully, to cooperate
> with you. I've got more patches which could be beneficial as well,
> though mostly they're in a state where they're not suitable for upstream
> yet, and I expect you know this if you're even paying the slightest bit
> of attention to how people are using grub.
I'm sorry if I just forget your contribution, but I really don't remember what
you have done under the term of cooperation.
> The fact that we disagree on this point hardly justifies the insinuation
> that I'm not "an engineer or a programmer". Above that, I *have* cited
> technical reasons, and you don't seem to be interested in them.
I simply don't know your job, so I can't say if you are a programmer or not.
And, I don't see any technical reason in the context of GRUB at all.
> > - You feel that it is safer
> I haven't said anything about what I "feel", and you're putting it this
> way to try to unrealistically discredit my statements. It is
> demonstrably safer not to have executable stacks, and I have mentioned
> that and quoted the figures to do so. Nested functions mandate the use
> of executable stacks. Thus, it is safer not to use nested functions.
You have not mentioned why executable stacks are bad in GRUB. When you talk
about them, you always start talking about other projects.
> > - Everybody is going to disable executable stacks
> I don't think I've said everybody, but I have said that the trend is
> towards more OSes doing this. Is this somehow not clearly true?
> Off the top of my head, this discussion has been pretty constant for the
> last 10 or so years on linux-kernel, and was fairly prominent in the
> last year on the mailing lists for binutils, gcc, and glibc. It's also
> been a topic of discussion on quite a few other lists, and as far as I'm
> aware no other project has had any serious problem with making their
> stacks non-executable when there was no technical reason for them to be
> executable. Your like of nested functions isn't a technical reason --
> you think it's pretty, and that's pretty much the end of the reasoning.
I have already mentioned my technical reasons in a past mail. IIRC, you didn't
reply to them. If you don't think they are technical, I don't understand what
you think are technical. The question is very similar to "why we use local
> You clearly do not. It isn't *at all* about any marketing point of
> view. Programs with executable stacks are demonstrably exploited more
> than those without, and that includes programs not foreseen to be run in
> a way where overruns could result in an exploit. That's the real world,
> which you're ignoring.
Again, about other projects. I'm not interested in other projects in this
> If I've insulted you, I apologize, for I've had no intent on doing so.
> I do, however, continue to recognize that the grub project is ignoring
> security concerns. I'm still dismayed over this, because I'd like grub
> to continue getting better. And I'm going to continue trying to help
> make it so in the foreseeable future, both regarding this problem and
> others, even though I understand that some times you'll refuse to take
> what I say into account, or make some other choice. You're free to do
> so, but insulting me because I mentioned when you've done so is really
> pretty petty.
I'm just waiting until you start thinking GRUB rather than other projects.
My feeling is that you overly extend some cases to the general principle. I
know that executable stacks are harmful in some types of projects, in
particular network servers, because clients may trigger buffer overruns. But
this does not prove that they are harmful in *all* projects. Mathematically
speaking, this is not always true, just as setuid is not always harmful.
Also, note that I have never seen any bug report about a security hole in
GRUB. The reason is simple; there is no way to execute arbitrary code as
another user in GRUB. Correct me if I'm wrong.