Contributed by jose on from the asia-pacific-tour dept.
Slides will be up soon, and your schedule here at
deadly
will be back to normal soon.
UPDATE:
Slides are up. Theo's
English slides
and translated into
Japanese
are available. Itojun's
slides
are also available now.
(Comments are closed)
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
http://grsecurity.net/PaX-presentation_files/frame.htm
Comments
By Can Erkin Acar () on
Thanks, for the link, although the content, afaik, is not different from what has been discussed/debated/beaten to death here already. I must say I am a bit disappointed, I expected more technical content...
Of course OpenBSD will never point you to them.
I could not find _any_ link to this presentation from neither PaX nor grsecurity pages (or anywhere else). May I ask where (and when and how) this presentation was announced/presented/linked-from?
g-con? probably, there are also no links from there, however.
Mailing lists? Hmm, no mailing list information on PaX homepage, nothing useful from google searches either, there is a grsecurity mailing list linked from the grsecurity page, but archives is _not_ open. Even reading the archives requires subscription. This is where I gave up, end of my time and patience, and NO, I will not subscribe to a list just to read/search the archives.
Seesh, and the PaX people complain about the _closed_ development of OpenBSD. They dont even have a public mailing list!
Contrary to the opinion of the PaX people, OpenBSD developers do not follow PaX mailing lists or such so how would they supposed to know about it, much less point it to others?
Comments
By gwyllion () on
Yesterday I discovered this presentation by accident. I search google for PaX page exec (to find the official PaX URL) and found grsecurity.urc.bl.ac.yu/PaX-presentation.ppt as the first match. I then looked at the official grsecurity website under papers and saw it wasn't mentioned there. www.grsecurity.net/PaX-presentation.ppt exists as well. Now some Anonymous Coward points us to grsecurity.net/PaX-presentation_files/frame.htm . How are we supposed to know this presentation exists, if it's not announced to the public? I also checked the grsecurity forum, but no official announcement either.
Comments
By Anonymous Coward () on
Systems Normal, All Fucked Up.
By PaX Team () pageexec at freemail.hu on mailto:pageexec at freemail.hu
the grsec site has a 'papers' section:
http://www.grsecurity.net/papers.php
2. 'no public mailing list'
you're comparing apples to oranges, everyone can subscribe to the grsec lists, you can't say the same about the internal OpenBSD mailing lists. as to why browsing is restricted, i don't know, better ask Mr. Spender.
PS: does anyone know if the pacsec presentation is available in .mgp or whatever format as well?
Comments
By grey () on
2. I think this came up because of previous 'demands' that OpenBSD development lists be open or something. Yes, it's apples to oranges comparing PaX & Grsec with OpenBSD, still seems to be happening a lot on this forum for one reason or another. At any rate, the only non-public forum I'm aware of is the hackers@ mailing list, and from what I hear it's usually pretty trivial stuff [like, travel information for c2k3 like events, that really aren't in the public interest as far as the project goes]. Some people mention icb - but last I checked, the icb service was not filtered or anything, anyone can [and has] accessed it, it being 'private' is therefore a social implication, and not a technical one; and honestly - that's probably how hackers@ is in character.
PS. Haven't seen any 'raw' mgp version yet - but put in a request or give it some time and I'm sure it would be trivial to have turn up?
Comments
By grey () on
By Can Erkin Acar () on
Yes, and the presentation was not there the last time I looked. Funny how things can change in 8 hours :)
... as to why browsing is restricted, i don't know, better ask Mr. Spender.
Although it is probably an oversight of Mr. Spender, the lists are obviously not public right now. Archives are not searchable, browsable, publicly, and I have stopped "subscribing to unknown lists just in case there is something intresting" long time ago.
Comments
By Anonymous Coward () on
Comments
By tedu () on
By gwyllion () on
Comments
By gwyllion () on
By Anonymous Coward () on
Comments
By gwyllion () on
My apologies for this mistake. Aparently I'm not the only one who looked over this entry on grsecurity website; maybe it happened because the last entry clearly states it contains the presentation slides of LSM2002, while this description is missing for the g-con2 presentation. Sorry.
Sorry, but my mother died a few years ago. No use in fucking her now. I'm not in to necrofilia.
By SH () on
By gwyllion () on
It doesn't contain an annoucement of the presentation either, only an announcement that spender would give a presentation at g-con 2: [grsec] G-Con 2 presentation
By Marc Espie () espie@openbsd.org on mailto:espie@openbsd.org
Of course, it doesn't require you to change the binary format. But duh, it also doesn't protect destructors against write.
Not surprisingly, you find these points on distinct pages, and no logic link between those...
As far as mprotect goes, wow. mprotect has GOT to work. If mprotect does not work, you lose a LOT of recent programming languages THAT RELY ON THE POSSIBILITY OF WRITING CODE SOMEWHERE, and then marking the location executable...
considering I *am* the guy who fixed gcc to handle this correctly for:
- an extension to C called nested functions;
- languages such as ada that require this;
I think I know what I'm talking about.
Removing this from POSIX gives you a crippled POSIX system. Yes, I know of several crippled POSIX systems. Those pathetic things that are marketed as `POSIX-compliant' to meet the management tag... and cannot compile a real program.
Comments
By Anonymous Coward () on
oops?
btw: you don't know what you're talking about.
thanks for your time.
Comments
By Marc Espie () espie@openbsd.org on mailto:espie@openbsd.org
It might just be that things have gone forward, and still are going forward, as far as these things go.
Maybe you don't know what's going on in current OpenBSD development ?
By PaX Team () pageexec at freemail.hu on mailto:pageexec at freemail.hu
you're telling me there's a LOT of recent programming languages that generate code at runtime... aha, so would care to give me a list of said languages and apps that are run on any significant number of systems (so that we can estimate the impact of restricting page protections by default)? off the top of my head, i can't think of a single one (java is already handled in PaX systems). on the other hand i can think of at least one widely used program that you broke for good: XFree86 modules (it's broken for good because you cannot fix the problem without changing XFree86 itself - that's not what i or you call backwards compatible, is it).
also, you're wrong on why you needed to change the binary format, it is not because of .dtors but because a.out does not allow a non-contiguous memory layout which is what you need under your approach on i386.
By DIGITAL MAN () on
Does this happen only on i386?
By PaX Team () pageexec at freemail.hu on mailto:pageexec at freemail.hu
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By ann onimous () on
little quote for you:
It ain't Braggin' if you can back it up--J.Pastorius
You're Bragging
By tony () tony@libpcap.net on http://libpcap.net
(haha :P)
By Anonymous Coward () on
Comments
By gwyllion () on
By mirabile () on
xover office doesnt work yet, we lack some
syscalls in the linuxulator.
OOo impress might work if you get OOo to work.
As for koffice, I didnt know it has a presentation
programme.
acroread-linux and xpdf are nice, too.
i prefer magicpoint/bsd xor powerpoint/win,
though I like the former more.
bsd spirit: "use the right tool for the job",
i.e. don't die while getting ppt to work on bsd hard.
By zp () on
It takes a LaTeX presentation in, for example, foiltex class,
and images in all sorts of formats, including Multiple MetaPost, and using java turns it into a PDF presentation with PowerPoint like effects. You can see examples at http://www-sp.iti.informatik.tu-darmstadt.de/software/ppower4/
I like this format the best because you can bring your presentation file to any kind of OS. All of them have a PDF viewer -- most likely Acrobat. Yet I develop the presentation on my favourite platform -- UNIX -- using the tools I know the best.
By Anonymous Coward () on
By waldo () waldo@dorkzilla.org on mailto:waldo@dorkzilla.org
By Marc Espie () espie@openbsd.org on mailto:espie@openbsd.org
One very nice feature of it is using TrueType2, and thus having a large range of very nice, anti-aliased fonts.
Now, koffice works as well, but speaking for myself, it's much easier and quicker to write presentations with magicpoint.
By Anonymous Coward () on
W^X: Read-only GOT/PLT/.ctors/.dtors
Can someone explain if/when PAX supports "Read-only GOT/PLT/.ctors/.dtors", it won't be copying W^X?
If someone attended PacSec, did Theo get into the "arms race"? I didn't see any slides mentioning PAX, and they don't deserve the free advertising.
Comments
By PaX Team () pageexec at freemail.hu on mailto:pageexec at freemail.hu