OSEC

 
From: Solar Designer (solar@openwall.com)
Date: Fri Nov 16 2001 - 15:11:20 CST


    On Fri, Nov 16, 2001 at 10:55:13AM -0800, Crispin Cowan wrote:
    > >>>If your network code has overflowable buffers or format bugs, and you
    > >>>are employing non-executable stack (OWL) and heap (PAX) protection, then
    > >>>
    > >I also wonder when people stop associating the optional and relatively
    > >unimportant kernel hack I did with Owl which is our distribution. ;-)
    > >
    > When you give it a name that holds still and is easy to remember. Last
    > time I called it "OpenWall", and you chided me and (IIRC) asked me to
    > call it "OWL". I'll call it anything you like except "StackGuard" :-)

    I could never ask you to call the kernel patch Owl. It's maybe 100
    times smaller (comparing the amount of patches and own code only).

    I did ask you to not call it plain "Openwall", which refers to the
    team and not a piece of code (let alone kernel hacks).

    > This is actually a generic comment to the developers of the world: name
    > your works. It is a great pain in the butt to try to refer to someone
    > else's work as "Smith and Jones' hack of 1998 for secure gnus". Make
    > your work hard to refer to, and people will either not bother, or do it

    I myself don't count this kernel patch as a significant development I
    did. It just got very popular, maybe too popular. And, speaking of
    my kernel patches, probably more important are fixes to problems with
    the kernel itself. Most got in, some remain in the patches and that's
    why I wouldn't feel comfortable running an unpatched kernel, -- with
    an overflowable printk.

    > badly. For instance, "Janus" is much easier to cite than "Wagner's
    > type-checking format string detection hack of 2001." Some tips on naming:
    >
    > * Don't just use a proper or common noun: that makes it hard to
    > search for.
    > * Use a made up word or phrase, and google will lead people right to
    > your work, regardless of what some domain squatters may try to do :-)
    > * Search for your name before you commit to it. There are now two
    > projects called "Mason" (a firewall builder, and some other kind
    > of web thingie)

    Yes. Unfortunately, anything non-trivial tends to get abbreviated,
    which isn't really searchable either. For example, few people
    would say Openwall GNU/*/Linux while the official abbreviation, "Owl",
    is too short to search for. It's about the same for Red Hat Linux and
    "RH". We did try to think up a better name, but, well, failed. ;-(
    The distribution is going to be the primary project released under
    Openwall, so I think that is acceptable.

    As for the kernel patch, I really didn't bother thinking up a name.
    It just didn't seem to be worth it.

    > Returning to Solar's fine work: the main problem is that he's done so
    > many things, and they're all (more or less) associated with the phrase
    > "open wall" in some form or another. I don't know how to distinguish
    > between the non-executable stack patch, the link-following protection
    > patch,

    You don't need to distinguish between these two. If you do, then just
    say what you mean. A reference to Openwall isn't required at all, those
    are just hacks and the symlink following is in fact originally Andrew
    Tridgell's and not mine (but it has changed with years).

    > and the distribution.

    Easy. When you say Openwall Project's kernel patches, everyone knows
    what you mean. But saying "Owl" like you did above is an explicit
    reference to the distribution.

    -- 
    /sd