On Mon, 2006-01-09 at 16:06 +0100, Yoshinori K. Okuji wrote:
> On Wednesday 28 December 2005 09:08 am, Peter Jones wrote:
> > That's taking the very unrealistic point of view that using nested
> > functions isn't broken. It is, in a great many ways which have already
> > been discussed in depth, and which you've, rather disturbingly, chosen
> > to ignore. Using "features" which require an executable stack is still
> > just a bad idea.
> >
> > It's too bad that the grub project has chosen to ignore the pragmatic
> > implications of code structure and style.
>
> I'm sick of your FUD.

There's no FUD here. The grub project *has* chosen to ignore the implications of this, and you continue to do so.

> If you are an engineer or programmer, show a technical
> reason.

This is just plain insulting; I've sent you numerous patches for various things and tried, on several occasions fairly successfully, to cooperate with you. I've got more patches which could be beneficial as well, though mostly they're in a state where they're not suitable for upstream yet, and I expect you know this if you're even paying the slightest bit of attention to how people are using grub. The fact that we disagree on this point hardly justifies the insinuation that I'm not "an engineer or a programmer". Above that, I *have* cited technical reasons, and you don't seem to be interested in them.

> All you have mentioned are:
>
> - Red Hat does not ship programs with nested functions

Yes, and that trend will certainly continue.

> - You feel that it is safer

I haven't said anything about what I "feel", and you're putting it this way to try to unrealistically discredit my statements. It is demonstrably safer not to have executable stacks, and I have mentioned that and quoted the figures to do so. Nested functions mandate the use of executable stacks. Thus, it is safer not to use nested functions.

> - Everybody is going to disable executable stacks

I don't think I've said everybody, but I have said that the trend is towards more OSes doing this. Is this somehow not clearly true?

> Where is such a discussion in depth? Is this time before renaissance?

Off the top of my head, this discussion has been pretty constant for the last 10 or so years on linux-kernel, and was fairly prominent in the last year on the mailing lists for binutils, gcc, and glibc. It's also been a topic of discussion on quite a few other lists, and as far as I'm aware no other project has had any serious problem with making their stacks non-executable when there was no technical reason for them to be executable.

Your like of nested functions isn't a technical reason -- you think it's pretty, and that's pretty much the end of the reasoning. I'm not going to argue about if those aesthetic values are reasonable or not, but I will reiterate that there has been no technical reason presented, even when very politely without any hint of ridicule or chastising, for using any feature which requires an executable stack. So don't talk about me spreading FUD when I haven't, or of not citing technical reasons. I have, and you've cited only aesthetic ones.

> I understand the behavior of Red Hat, since Red Hat is after all a commercial
> entity, so it must make business from marketing point of view.

You clearly do not. It isn't *at all* about any marketing point of view. Programs with executable stacks are demonstrably exploited more than those without, and that includes programs not foreseen to be run in a way where overruns could result in an exploit. That's the real world, which you're ignoring.

> But GRUB is
> not tied with such an activity. We are open to opinions, but you should not
> insult the project or the members only because our technical decision is not
> compatible with your own desire.

If I've insulted you, I apologize, for I've had no intent on doing so. I do, however, continue to recognize that the grub project is ignoring security concerns. I'm still dismayed over this, because I'd like grub to continue getting better. And I'm going to continue trying to help make it so in the foreseeable future, both regarding this problem and others, even though I understand that sometimes you'll refuse to take what I say into account, or make some other choice. You're free to do so, but insulting me because I mentioned when you've done so is really pretty petty.

--
Peter

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
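
An ELF binary records whether it asks for an executable stack in its PT_GNU_STACK program header, which is the property the message above argues about. The Python check below is an added example, not part of the original message or of GRUB's code; `stack_status` and `sample_elf64` are names chosen here, and the sample image is constructed.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header that records the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def stack_status(image: bytes) -> str:
    """Classify an ELF image as 'executable', 'non-executable' or 'unspecified'."""
    if image[:4] != b"\x7fELF" or len(image) < 6:
        raise ValueError("not an ELF image")
    endian = {1: "<", 2: ">"}.get(image[5])
    # (e_phoff format, e_phoff offset, e_phentsize offset, p_flags offset)
    layout = {1: ("I", 28, 42, 24), 2: ("Q", 32, 54, 4)}.get(image[4])
    if endian is None or layout is None:
        raise ValueError("unknown ELF class or byte order")
    off_fmt, off_pos, size_pos, flags_pos = layout
    try:
        (phoff,) = struct.unpack_from(endian + off_fmt, image, off_pos)
        phentsize, phnum = struct.unpack_from(endian + "HH", image, size_pos)
        for i in range(phnum):
            base = phoff + i * phentsize
            (p_type,) = struct.unpack_from(endian + "I", image, base)
            if p_type == PT_GNU_STACK:
                (flags,) = struct.unpack_from(endian + "I", image, base + flags_pos)
                return "executable" if flags & PF_X else "non-executable"
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc
    # No PT_GNU_STACK: the loader default applies, which varies by
    # architecture and kernel, so report it rather than guess.
    return "unspecified"

def sample_elf64(p_type: int, p_flags: int) -> bytes:
    """Constructed input: little-endian ELF64 header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 0)
    return ident + ehdr + phdr

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:  # audit real binaries
            with open(path, "rb") as fh:
                print(path, stack_status(fh.read()))
    else:  # constructed samples: RW stack, then RWX stack
        print(stack_status(sample_elf64(PT_GNU_STACK, 0x6)))
        print(stack_status(sample_elf64(PT_GNU_STACK, 0x7)))
```

Run with one or more file paths to audit real binaries; a result of `unspecified` means the file carries no PT_GNU_STACK header at all.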