Slashdot Mirror


Security Holes Draw Linux Developers' Ire

jd writes "In what looks to be a split that could potentially undermine efforts to assure people that Linux is secure and stable, the developers of the GRSecurity kit and RSBAC are getting increasingly angry over security holes in Linux and the design of the Linux Security Modules. LWN has published a short article by Brad Spengler, the guy behind GRSecurity, and it has stoked up a fierce storm, with claims of critical patches being ignored, good security practices being ignored for political reasons, etc. Regardless of the merits of the case by either side, this needs to be aired and examined before it becomes more of a problem. Especially in light of the recent kernel vulnerability debated on Slashdot."

5 of 477 comments

  1. Re:Interesting point of view by IamTheRealMike · · Score: 4, Informative

    The bug mentioned in the LWN article was apparently not treated as serious by Andrew Morton and other developers on the grounds that there are far easier ways to DoS a system without using kernel exploits like that one. I don't know whether that's good or bad, but from debating things with various PaX guys myself I know they have a rather extreme approach to security (not something I'd ever give my grandma ...)

  2. Re:linux vs ??? by Homology · · Score: 5, Informative
    ok it has some problems that need to be worked out... but what are the alternatives... is this story meant to cause people to say "OMG M$ was right better contact my local sales rep" or is the community slacking???

    OpenBSD has implemented security similar to grsecurity. Note that this is part of the OpenBSD operating system, so the user does not need to do anything to use it. Contrast this with grsecurity, which is a set of patches against the Linux kernel.

    As far as I know, only Gentoo and Mandrake support grsecurity.

  3. Re:Interesting point of view by 10Ghz · · Score: 5, Informative
    Andrew Morton said:

    An unprivileged local user can DoS a Linux box to death with malloc and
    memset, so the RLIMIT_MEMLOCK bug isn't particularly exceptional. All the
    others require root anyway.

    I'll pass this on to appropriate people, see if we can get this all fixed
    up, thanks.
    --
    Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
  4. Re:Time for (even) better security? by krymsin01 · · Score: 4, Informative

    I may have missed the point of the GP post, but what I got from it is that if you have a couple of servers running Linux, with load balancing between them, you can take one of them offline, patch the kernel, recompile, then do the other. I don't think anything was said about not being stable.

    --
    stuff
  5. same feeling with S-ATA by davFr · · Score: 5, Informative

    I experience the same feeling with S-ATA. There is an obvious issue with the S-ATA driver, which leads to data corruption with many drives and controllers (especially the Silicon Image 3112). But rather than stick with this problem until it's resolved, developers seem to continue with the "it's the hardware's fault" kind of statements. Nevertheless, one of my colleagues, a NetBSD expert, tells me that this data corruption with S-ATA does not appear on NetBSD. And when I look in the NetBSD mailing lists, I find nothing about data corruption on NetBSD. So what's next for Linux?

    --
    RIP Slashdot. I used to love you. dead account - but slashdot wont let me delete it.