Security Holes Draw Linux Developers' Ire
jd writes "In what looks to be a split that could potentially undermine efforts to assure people that Linux is secure and stable, the developers of the GRSecurity kit and RSBAC are getting increasingly angry over security holes in Linux and the design of the Linux Security Modules. LWN has published a short article by Brad Spengler, the guy behind GRSecurity, and it has stoked up a fierce storm, with claims of critical patches being ignored, good security practices being ignored for political reasons, etc. Regardless of the merits of the case by either side, this needs to be aired and examined before it becomes more of a problem. Especially in light of the recent kernel vulnerability debated on Slashdot."
...oh, wait - I AM running Novell Linux. Oops. Um, I should then run and hide in a closet?
Maybe I should implement security measures and have a good backup system?
Nah!
This kind of reminds me about all the people telling me you could die while driving a car - no s---, Sherlock! Use common sense.
The Kai's Semi-Updated Website Thingy
Linux is the contender for replacing Windows on servers. Windows gives a notoriously low standard of security, which companies are still willing to pour $$$ into. Even Linux's bad security is good in comparison. Coupled with hardware firewalls, I feel completely confident leaving my Linux server accessible by a Wireless network.
Interesting.
I emailed Bill Gates to say that with a tunnelling electron microscope someone could adjust the logic in the CPU and DOS WindowsXP, and he hasn't answered me. Pout!
_O_
.|< The named which can be named is not the true named
No actually getting Linus/Alan Cox's attention works.
You don't have to be an ass to do that.
So Gsecurity guy finds a flaw and sends ONE email to report it.
So the e-mail got lost in the shuffle, I'd bet that Linus gets THOUSANDS of e-mails in a week. Hell, it could possibly have got nailed by SpamAssassin and never made it to him.
It's fucking stupid to assume that he ignored the issue because security issues are not a big deal.
Linus DOES NOT EQUAL "linux".
There are ways to deal with this sort of thing to get it resolved quickly.
I would expect that e-mailing Linus directly with cryptic e-mail titles is going to be about as useful as e-mailing the pope about a broken window in the Vatican.
The whole thing is retarded. One e-mail gets easily lost in the noise.
I've always found an uptime of more than a few months tends to mean that sysadmin skills are seriously lacking.
:)
Interesting
I gave up modding for this.
thogard: BURN !!!!
Funtage Factor: Purple
MS Bob, in the name of user-friendliness, asked you to change the password if you mistyped it 3 times. No, not if you successfully logged in after mistyping it 3 times. That's it. Three failed attempts in a row, and you can set a new password.
In all fairness, MS Bob was never intended for corporate use. It can be forgiven for not being very secure, as the only person with access to the console is likely Melinda herself (the last active Bob user).
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Ok, I'm going to create a new rule:
Anybody who brings up Microsoft Bob in a Linux vs. Windows discussion not only instantly ends the discussion, but loses whatever their point of view is. Blakey Rat's Law.
Holy shit, you just complained that a product that was on the market for maybe a year and a half a *decade* ago, and intended for children and neophytes on a single-user machine, has bad security because it doesn't enforce passwords strictly? Are you serious?
Are you so divorced from common everyday experience that you:
1) Are still obsessed over Microsoft Bob a decade after it failed and everybody else has forgotten it?
2) Think enough other people are still obsessed over Microsoft Bob that using it in an argument would support your point?
3) That a security hole in Microsoft Bob is even a valid argument?
The saddest part is that I agree with your basic argument. Security on computers, until about Windows 2000, was completely crappy across the board. It wasn't until the 21st century that people really started looking at it and figuring out ways to improve it... and I think that people are still looking in the wrong direction. (We know how to secure computers, more or less, let's work on social engineering.)
Oh well, at least people like you keep Slashdot interesting... but, man, get a grip on reality and hang on for dear life.
Comment of the year