After a year of development work, the KSPP patches designed to prevent stack leaks in the Linux kernel have been rejected by Linus Torvalds.
The Kernel Self Protection Project developers have been hard at work copying and pasting grsecurity code for over a year. During that time Torvalds has been too busy screaming at the USB subsystem maintainer over email to review the patches. Unfortunately for the KSPP project, he decided to re-task himself earlier today.
Due to his supreme grasp on all matters technical, Torvalds was able to review the patches without having even looked at them.
“Now, I haven’t actually seen the patches, I’ve only seen signs of them, but the signs I have seen very much seem to say ‘this is the mindless and stupid kind of crap that we should not do’.”
Instead, he offered this keen insight into the fundamental issue surrounding the attempt to eliminate an entire class of kernel security bug, “…I’m tired of these kinds of pointless things that don’t actually strive to improve on the kernel.”
Still, Torvalds didn’t leave the KSPP effort entirely without hope and even suggested a future course of action—“…why isn’t the focus of security people on tools to analyse and find problems?”
And that truly is an interesting question: why don’t security researchers find all of the bugs and just fix them instead of patching over problems that may or may not exist?