Mathias Payer · Dec 21, 2018 · 9:36 AM UTC

Mathias Payer

Mathias Payer @gannimo

21 Dec 2018

The issue here is that RAP cannot be reasonably evaluated. It takes me 2min to test out LLVM-CFI: clang.llvm.org/docs/SafeStac… there's documentation and it's well tested. I was so far unsuccessful at running RAP. While I'd love to evaluate it, I have limited resources :)

Matt Denton · Dec 21, 2018 · 9:38 AM UTC

Matt Denton @MattDenton

21 Dec 2018

But you still haven’t answered whether you tried to email him? All of these problems would have been solved if he had helped, and if he didn’t, then that’s clearly his fault and you did everything you could.

Mathias Payer · Dec 21, 2018 · 9:42 AM UTC

Mathias Payer @gannimo

21 Dec 2018

I did not email him last week. IIRC we reached out ~2 years ago. He started this discussion on twitter so I continued it and asked for help. Instead of helping, he continued to insult, so ¯\_(ツ)_/¯

Matt Denton · Dec 21, 2018 · 9:48 AM UTC

Matt Denton @MattDenton

21 Dec 2018

Okay. @paxteam seems to believe differently, IIUC, and thinks that you never emailed. If you did, then I have to agree that you have limited resources, and it’s at least acceptable that you did what you did, given limited resources.

Mathias Payer · Dec 21, 2018 · 9:55 AM UTC

Mathias Payer @gannimo

21 Dec 2018

IIRC I started an email thread when he yelled at me over twitter the last time where I asked if we could meet in person to discuss (a couple of years ago?) ¯\_(ツ)_/¯ I did a quick search but don't keep very old email, so I may be wrong.

Mathias Payer · Dec 21, 2018 · 9:56 AM UTC

Mathias Payer @gannimo

21 Dec 2018

Also, I don't think our viewpoints are unmergable. These twitter discussions just end up being toxic.

PaX Team · Dec 21, 2018 · 12:06 PM UTC

PaX Team @paxteam

21 Dec 2018

what i find toxic is your personal attacks, lack of apologies when you're proven wrong and lack of responses to the apparently 'tough' questions i asked you (noexec.txt/FPValidator/your earlier RAP evaluation, etc in case you 'forgot').

Mathias Payer · Dec 21, 2018 · 12:18 PM UTC

Mathias Payer @gannimo

21 Dec 2018

My main point is that RAP cannot be reproduced or used in practice. So instead of arguing over Twitter for several days invest that time into a writeup and clean release and we'd all be happy? 👍

PaX Team · Dec 21, 2018 · 12:21 PM UTC

PaX Team @paxteam

21 Dec 2018

why do you keep spreading this disinformation? you patch in PaX, enable RAP in menuconfig and off you go. thousands of people managed to use it since 2016, one would hope with a PhD you can too. if you want something outside the kernel then you'll have to work with me.

Mathias Payer · Dec 21, 2018 · 12:24 PM UTC

Mathias Payer @gannimo

21 Dec 2018

Ok, please send me the user space plugin and a howto. My email is in my profile or on my website.

PaX Team · Dec 21, 2018 · 12:26 PM UTC

PaX Team · Dec 21, 2018 · 12:26 PM UTC

PaX Team @paxteam

21 Dec 2018

Replying to @gannimo @MattDenton

i don't distribute that (it's a commercial product for a reason), what i can do is run your tests and give you the information you need from the results.

Dec 21, 2018 · 12:26 PM UTC

Mathias Payer · Dec 21, 2018 · 12:28 PM UTC

Mathias Payer @gannimo

21 Dec 2018

Replying to @paxteam @MattDenton

That's unfortunately not going to work, we only evaluate open source implementations. But I invite you to provide the target set evaluation and do a write-up where you compare your precision against llvm-cfi

PaX Team · Dec 21, 2018 · 12:48 PM UTC

PaX Team @paxteam

21 Dec 2018

are you saying that you evaluate open source implementations but your own test suite isn't open source? i hope that was just a joke.