In another quickly deleted tweet from his personal account, he simply wrote:
> <spendergrsec> Comment from 2016: https://lwn.net/Articles/704336/ https://pbs.twimg.com/media/FAEbDBwWEAQsi58.png
Archives at [3] and [4].
So what does that mean? In a 2016 mailing list post [5] spender provides a checksum of his "KASLR haha 17" text file, which describes/exploits a KASLR vulnerability he was aware of at the time. Today (in 2021) the vulnerability was found by someone else and fixed upstream: [6]
The checksum is a way to prove that the file he had back then matches the fix released today, or at least to verify a string of text mentioning the problem, while withholding any actual information about the fix. He has a habit [7] of posting checksums in tweets and later revisiting them while saying "grsecurity had this fix for X months/years." In other words, government agencies and other corporations can get the fix, but everyday users cannot.
His whole business model is being bitter and hostile to Linux, while also benefiting from it. His company's paid-only patchset contains other security enhancements in addition to *unreported security issues* like this one. By hoarding vulnerabilities for his customers, he is hurting the entire Linux community. It's absolutely scummy behavior of the worst degree.
Do you know any companies that support this guy by subscribing to grsecurity patches?
(Brad is the same guy who tried to get Greg KH removed from the Linux Foundation's board of directors after the University of Minnesota fiasco and the same guy who sued someone for saying his patches violate the GPL. He lost and had to pay $250,000.)
[1] https://twitter.com/grsecurity/status/1441446002137780242
[2] https://archive.is/xYmvx
[3] https://pbs.twimg.com/media/FAEbDBwWEAQsi58.png
[4] https://i.imgur.com/FB9HeyI.png
[5] https://lwn.net/Articles/704336/
[6] https://lists.openwall.net/linux-hardening/2021/09/24/14
[7] https://archive.is/2K7uj