libreplanet-discuss

Re: [libreplanet-discuss] Article on GRSecurity, RMS, etc.


From: Adam Van Ymeren
Subject: Re: [libreplanet-discuss] Article on GRSecurity, RMS, etc.
Date: Tue, 28 Jun 2016 16:15:58 -0400

On Tue, Jun 28, 2016 at 12:58 AM, Shawn <citypw@gmail.com> wrote:
> On Tue, Jun 28, 2016 at 12:51 AM, Adam Van Ymeren <adam.vany@gmail.com> wrote:
>> On Mon, Jun 27, 2016 at 4:41 AM, Shawn <citypw@gmail.com> wrote:
>>> I'm not an expert on GPL compliance. I personally don't see any GPL
>>> violation in PaX/Grsecurity. Because some embedded vendors pissed
>>> off PaX/Grsecurity's authors last year, they decided the stable
>>> patch was going to be customer-only, which means you could get the source
>>> code once you paid. It's very fair to me, because they need to
>>> spend time and hire people to do the regression testing to make their
>>> customers' production systems as stable as possible. Fortunately, they
>>> are still releasing the test patch to the public. As a user and a security
>>> consultant, the test patch is good enough to deal with most situations
>>> I've met.
>>
>> From what I've read, it sounds like they are making customers sign
>> NDAs, and/or threatening to cut them off if the customers share the
>> source code for those patches with anyone.  This is clearly a violation
>> of freedom 2.
>>
> Well, about this part I can't speak for Spender and PaX team. IMOHO,
> Spender doesn't care if you share the patch with those real FLOSS
> hackers who know the importance of contributing back to the community.

This doesn't appear to be the case.  There are two reports I've seen
of people being threatened if they exercise freedom 2 granted to them
by the GPL.

https://www.reddit.com/r/linux/comments/4gxdlh/after_15_years_of_research_grsecuritys_rap_is_here/d2lwrdo

https://www.reddit.com/r/KotakuInAction/comments/4grdtb/censorship_linux_developer_steals_page_from_randi/d2l0ny8

>
>> "The freedom to redistribute copies so you can help your neighbor (freedom 
>> 2)."
>>
> IMOHO, Spender & PaX team never try to stop me from helping my "neighbors"
> from hardenedlinux community;-)
>
>> I'm not a lawyer or expert on the GPL.  The GPL may not protect
>> against situations like this, but it clearly goes against the spirit
>> of Free Software.
>>
> FLOSS community has been benefiting from PaX/Grsecurity for more than
> a decade. Most features of PaX/Grsecurity are/were ahead of industry and
> kernel upstream over the years, e.g.: the 1st non-executable bit was
> implemented in PaX's SEGEXEC back in 2000 and then Intel made it a
> hardware bit (NX) in 2004; PaX released UDEREF around 2007, Intel's
> SMEP/SMAP came 4--7 years later. Even other OSes have been learning
> from PaX/Grsecurity's design and implementation:
>
> http://hardenedlinux.org/images/pax_grsec_graph.jpg
>
> We've been suffering for years from Linux kernel's security philosophy
> "a bug is bug". KSPP emerged after the truth was disclosed to the
> public:
>
> http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/
>
> KSPP is a good starting point and it has a long way to go.
> Dude, we are very lucky to have PaX/Grsecurity because they are
> willing to share their research. Maybe some people don't like
> Spender's personal character...to be honest, I don't give a shit about
> it. Cuz I don't have other options. If some big corps leeched your
> research and made money from it, what would you do? As a security
> consultant and a free software enthusiast (supporter of
> FSF/FSFE/EFF/SFC for years), I can fully understand why PaX/Grsecurity
> guys do this. IMOHO, PaX/Grsecurity is a friend of ours (FLOSS
> community). BIGBROs/Exploit vendors/leeches are the real enemies.

Just because the PaX/Grsecurity guys produce some quality software
doesn't override the moral requirements of free software.

PaX/Grsecurity wouldn't even be a thing without the Linux kernel that
came before them.  It is hypocritical and violates the spirit of Free
Software to exercise your freedoms but then try to prevent
others from doing the same.

Free Software is a moral issue, not a technical one.  Technical
excellence doesn't supersede moral obligations.

>
>>
>>>
>>> I'd say we are lucky to have brilliant FLOSS hackers like Spender and
>>> PaX team in this era. Because of them, we have a very effective
>>> solution for linux kernel security, which compares to other core
>>> infrastructures such as firmware or compiler. Even CHIPSEC and
>>> reproducible builds are just a starting point somehow. It'd be a long
>>> way to protect your digital freedom away from BIGBROs just like
>>> PaX/Grsecurity in kernel field;-)
>>>
>>> On Sun, Jun 5, 2016 at 12:58 PM,  <concernedfossdev@teknik.io> wrote:
>>>> Soylent news published an article/discussion on GRSecurity, RMS, etc
>>>> If you're interested it's here:
>>>> https://soylentnews.org/article.pl?sid=16/06/02/214243
>>>>
>>>>>RMS Responds - GRsecurity is Preventing Others From Redistributing Source 
>>>>>Code [UPDATED]
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> GNU powered it...
>>> GPL protect it...
>>> God blessing it...
>>>
>>> regards
>>> Shawn
>>>
>
>
>
> --
> GNU powered it...
> GPL protect it...
> God blessing it...
>
> regards
> Shawn


