grsecurity Malicious Intent

Posted: 28 April 2016

On 26 April, the well-known Linux kernel hardening patch set grsecurity received a bug report on Twitter (link) showing that a patch in the newest release broke the kernel, causing a kernel panic when a common command was run. After this, the reporter was blocked by the @grsecurity Twitter account, blocked from even accessing the grsecurity website, and @grsecurity was set to private. A user who merely liked the reporter's tweet was also blocked (see the original link).

Of course, they said it would be fixed in the next release of the software. They said this only after they had blocked everyone involved. They also insulted the bug reporter, calling him pompous and a know-it-all.

This behaviour is incredibly odd, and it raises the question of exactly why they would hide the report and insult the reporter. It could very well be that they are purposefully adding malicious patches to the code. This is just speculation, but it could be the case. I can think of no other reason for the odd reaction. Bugs are found in code all the time, and fixed. The reporter obviously was not trying to be pretentious, nor was he attempting to call out the software. grsecurity blocking him alone would draw a few raised eyebrows, but blocking anyone who so much as likes the tweet shows something is up.

Another dick move (and one that implies malicious intent) is that they are making companies pay extra for the fixed version. They are fully within their legal rights to do so, but the fact that they do suggests they may be inserting bugs on purpose. On top of this, they have forced distros onto the testing version instead of the stable one. The push toward testing also looks like they are breaking the testing version so that users will buy the stable one. Taken together, all this implies malicious intent, but even if every point I have made here can be disproved, it is still a dick move and a deliberate inconvenience to users.

Something truly funny about this whole affair is that they blocked the user from accessing the software at all, saying "Good luck using it". What they don't seem to realize is that, despite being behind a paywall, grsecurity is free software: it is a patch to the Linux kernel and is licensed under the GNU GPLv2. There is nothing stopping him from forking the full version, with his fix, and telling others to use that instead of the version hoarded by moronic and uptight assholes.

TL;DR: Stop using grsecurity until this mess is resolved and it is clear whether the broken code was introduced with malicious intent. I also highly recommend that someone fork the software, with his fix, and publicize that it exists. If the bug reporter is reading this, do it as soon as you possibly can to spite these dicks.

This also shows the difference between Open Source and Free Software. Open Source claims that exposing the source results in a better product; that is clearly not the case here. Although it is licensed under the GNU GPLv2, the software is buggy. Free Software advocates do not claim that their code is superior to alternatives just because it is free software. So remember: even if something is Free Software, that doesn't mean it is good. Sometimes, as in this case, it could even be malicious.

You can read more about this bug in grsecurity here (link).