Slashdot Mirror
Security Holes Draw Linux Developers' Ire
jd writes "In what looks to be a split that could potentially undermine efforts to assure people that Linux is secure and stable, the developers of the GRSecurity kit and RSBAC are getting increasingly angry over security holes in Linux and the design of the Linux Security Modules. LWN has published a short article by Brad Spengler, the guy behind GRSecurity and it has stoked up a fierce storm, with claims of critical patches being ignored, good security practices being ignored for political reasons, etc. Regardless of the merits of the case by either side, this needs to be aired and examined before it becomes more of a problem. Especially in light of the recent kernel vulnerability debated on Slashdot."
Given that I'm getting lousy uptimes on my Linux servers because of the mandatory kernel upgrades, I certainly welcome a (constructive) critical look at Linux kernel security.
see a Text Widget
but I don't really see much counterpoint. Anyone have URLs for where this has been discussed in some more depth?
Chris "Ng" Jones
cmsj@tenshu.net
www.tenshu.net
It's interesting to note that this comes out so recently after Linus was named one of ITs best managers. Lord knows he'd have to be to keep so many disgruntled people quelled. In the followup, somebody was citing as an excuse that Linus is one person and that there's only 24 hours in the day, so maybe some patches get missed. I was wondering, with all of the people he delegates to, isn't there somebody who handles all the security issues? Scroll down the LWN article, and somebody mentions that he needs a Kernel Security Officer, with no follow-up. Does Linus not have one of these guys yet?
The trade off between security versus usability/accessability begins?
Will Linux strike the perfect balance? Will Linux be taken over by a lunatic like Theo and go the OpenBSD route? Will Linux lose it's viginity to Windows and become a security nightmare? Stay tuned! All this and more on the next episode of OS wars!
You are refering to 'decent' linux setups. How many people have what you would refer to as a 'decent' linux setup. Windows could have a 'decent' security setup but most people don't go there. Linux needs the security to rock out of the box if it is to continue it's mainstream grouth without running into the problems windows has.
Evolution or ID?
...oh, wait - I AM running Novell Linux. Oops. Um, I should tehn run and hide in a closet?
Maybe I should implement security measures and have a good backup system?
Nah!
This kind of reminds me about all the people telling me you could die while driving a car - no s---, Sherlock! Use common sense.
The Kai's Semi-Updated Website Thingy
There are tons of services that you can't just pop a couple machines together and tada, they are loadbalanced. Just because its easy for simple things like http and smtp, doesn't mean its easy for everything.
For years now people have been carrying the Linux flag due to the fact that its "more secure then windows"... guess what people.. time for being an unknown, unpopular OS is at hand... welcome to being known.
OpenBSD has implemented security similar to grsecurity. Note that this is part of OpenBSD operating system, so the user does not need to do anything to use it. Contrast this to grsecurity that is a set of patches against Linux kernel.
As far as I know, only Gentoo and Mandrake supports grsecurity.
Maybe it's time everybody get off of their OS Religious High Horse and finally admited that an OS is only as stable and secure as the user who is administering it.
My Windows XP machine is solid and secure. My FreeBSD machine is solid and secure. My Windows ME machine -- well -- it runs, and it's quarenteened so I suppose in some ways it's secure.
Right now I'm installing Gentoo on a box so I'm going to see where this goes, but I am going into it with full realization that no OS is perfect, nor is it perfectly secure. This means that I'm going to take security as seriously with this machine as I do the rest of them.
Having the source to an OS doesn't make it more secure if you don't read (or understand) every line of it.
Why people think OSS is automatically more secure is something I never have really understood. There is some added comfort in knowing that most holes will be discovered and fixed promptly, but even that is an assumption one shouldn't bank on.
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
Grsecurity guys (Brad and the pax guy mostly) are dead serious. They have been researching their areas of memory management, protection and secure code for years. They really do know it pretty much all. For instance the "AMD NX protection!!!!" that the Redhat raved about was copied from Pax. (Without even crediting properly.)
They are just the sort of real gurus that can spot new vulnerabilities from code and exploit them in a matter of minutes. When Grsecurity was having serious funding problems last summer Brad was forced to sell new vulnerabilities from Linux kernel code to unmentioned blackhat companies. (Those do exist, believe me. They are doing commercial intelligence, stealing trade secrets with the knownledge..)
Those guys are technically brilliant, years ahead of what Linux stock kernel has in security features. They are just a bit arrogant and bad with people. Also at the same moment the upstream kernel developers don't like being told that their stuff is complete crap on some area. They downplay it, ignore and use the "whoareyou,Iamthekerneldeveloper,youknownothing" tactic.
Grsecurity guys could absolutely smash LSM by showing the vulnerabilities they are talking about as pocs. They are just a bit too disgusted and pissed off. There are several other areas like the exec_shield (that *is* atm getting to upstream kernel) that have big faults as well...
They could prove their other points as well.. But it would be moot since they ARE correct in any case.
Are there any distros out that include GRSecurity? I use it on all my 2.4 kernel boxes with great success and just started using it on production 2.6 systems. Overall, I find it to be very stable, and a very worth while extra layer of protection even without using the role based ACLs.
---- join dshield.org Distributed Intrusion Detec
I wouldn't be surprised if Linux is less secure than the NT kernel. NT has much finer grained access control than Linux (although not if you include SELinux), and I haven't heard anything about kernel exploits in Windows for a while (although this may be because I haven't been paying attention). The problem with Windows is all of the cruft on top of the kernel that doesn't need to be run with administrator privileges, but is, and is full of security holes.
I am TheRaven on Soylent News
The fact that it doesn't even show up in bugzilla makes me think it's still under embargo for some reason. Shouldn't the leak be sufficient reason to change their timeline? For those of us running production servers, this waiting game is more than a little inconvenient.
On a side note, from what I've seen, the exploit has only been demonstrated on uniprocessor 2.4 kernels. Anyone get it to work on an SMP kernel, or a 2.6 kernel?
With 2.6 there seems to be a bad trend towards far too much politics in the kernel. The cdrecord problems and reiser4 business (did that ever get sorted out?) together with the IMO stupid policy of putting new features in the stable branch (making deciding whether a feature can be added much harder, since it needs to be that much more stable and necessary before it can be added, but often you can't prove it's necessary without having some kernel branch running with it in) all smack of too much politics. Why can't people just concentrate on making the best kernel possible?
I am trolling
Long-time shell-provider SDF used Linux
Now, it's a 64-bit version of NetBSD.
OpenBSD claims:
"Only one remote hole in the default install,
in more than 8 years!"
Why not start with a core built for security,
- ie, rather than one built for popularity?
My two cents...
According to LWN the advisories were sent to Linus Torvalds and Andrew Morton themselves. I'll admit that I don't know jack about the inner-workings of Linux Kernel development, but one would think that something of that nature would go out to the person in charge of security related issues or even out to the distributions to get a fix circulating. I could be dead wrong and maybe Linus is just the only guy running the show and decides when he'll spend some of his time patching the kernel. This also seems as a sort of public way of the author expressing his disdain towards Linux security and as a sort of publicity for his own system. Maybe I'm just too much of a cynic, but things aren't all they are cracked up to be. Please note that I am not saying that there isn't some sort of responsibility there, but that this seems overly hostile.
Steal This Sig
So ... rather than ask on the mailing list who is the best person for security submissions relating to whatever bug he found, he emails the top dude (during Christmas holidays no less) and then whines when no answer is forthcoming within his preferred timeline. Gimme a break!
As a total noob, I went to kernel,org and found this on the first page:n g-bugs.html if you want to report a Linux kernel bug.
Please see http://www.kernel.org/pub/linux/docs/lkml/reporti
http://www.tux.org/lkml/#ss5 explains why XX doesn't answer emails - too fricking busy is the usual reason.
If I were concerned about publishing the bug, I would have asked ON THE LKML LIST for who would be the best person to submit security-related bug and patch to for the XX module.
Fine grain control != more secure.
Fine grain control doesn't realy have much to do with the kernel.
What SELinux is is Mandatory Access Controls. Or MAC
What the standard Unix (and Windows) model is discretionary access control.
What this means is that your access is based on your UID and GUID. If you have permission or not to access a file.
Mandatory Access control allows you to control access based on BEHAVIOR and other criteria.
So say your a idiot and run Apache webserver as root. If your Apache server gets attacked and successfully comprimised then if you only have DAC permissions then your system is laid wide open for attackers.
If you do the same thing with a MAC setup then even if they comprimise Apache and get root then they still can't do jack shit because you have the Apache proccess setup to only allow certain behaviors nessicary to operate itself all else access is denied and it doesn't matter if you have a UID of 0.
You can set it up so that if you log in as root thru SSH you have different access controls then when you log in thru a local virtual console or use SU to obtain it.
Windows doesn't have anything that comes close to this sort of thing.
As for the ACL's that Windows uses, Linux has those in the form of Posix-compatable ACLs.
Most distros support this, but it's disabled by default.
Why?
because it's not needed. Finer grain = more likely to fuck up.
90% of the time when a person thinks they need it, they simply aren't being creative enough to figure out a better solution.
If your smart enough to get to the point were you realy need it then you know out to turn it on, and it's very simple. Basicly it amounts to a -o remount and a couple other options.
Fedora Core3 uses SELinux by default. The Gsecurity complaints about the LSM is misguided and obsolete, it already has been used to allow things like low-latency sound server JACK setup for audio workstations and other purposes that wouldn't be possible.
This article is CRAP. It's a troll pure and simple and a way to stir up bullshit.
Linux actually has a pretty decent track record and the lack of a 2.7 development kernel wouldn't of stopped this latest flaw because it was something that existed since before 2.4 (were there always has been a development kernel).
Linux has it's security issues, always has. OpenBSD is what you use when you want something deadly secure, but it's 10x better then anything coming out of the windows world.
That's why people say that "Linux is more secure", not "Linux is the most secure OS ever made and will never have any security issues whatsoever"
This GSecurity has provided a usefull service in reporting bugs, but this isn't the first time that he has tried to drum up controversy. First time was threatening to take gsecurity down because lack of support, then the SELinux crap, and now that Linus doesn't respond to crappily labeled e-mails.
Linus gets LOTS of e-mail. It's just something that got lost in the shuffle. There are people that are incharge of this sort of thing and gsecurity should of contacted them in order to get the issue resolved quickly.
It would be like emailing billg@microsoft.com to report a bug in Windows.
Before this there was a spat over Linus disabling the ability for people to access the scsi stuff thru setuid.
This disabled the ability to burn cds as a user using certain programs.
This was done for security reasons and people Bitched and moaned how Linus +friends cared to much about security and didn't give a shit that linux would loose users because now they have to use sudo to burn cds.
Basicly.
It's blowing a problem out of porportions.
>Hi all,i b.txt ?
e l&m=110 514006004261&w=2
l &m=110 512844202355&w=2
;)
>Is there a patch to uselib() bug ->
>> http://www.isec.pl/vulnerabilities/isec-0021-usel
Date: Sun, 09 Jan 2005 17:28:35 +0100
From: Henrik Persson
To: Breno Silva Pinto
Cc: linux-kernel@vger.kernel.org
Subject: Re: patch to uselib()
It's patched in 2.4.29-rc1 and 2.6.10-ac6. A patch for 2.4 can also be found here:
http://marc.theaimsgroup.com/?l=linux-kern
and for 2.6:
http://marc.theaimsgroup.com/?l=linux-kerne
Browsing the archives usually gives you alot of answers, you know.
----------------
Cut-n-pasted from the LKML
C|N>K
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
I emailed Bill Gates to say that with a tunnelling electron microscope someone could adjust the logic in the CPU and DOS WindowsXP, and he hasn't answered me. Pout!
_O_
.|< The named which can be named is not the true named
So many people are missing the point. It's Linux, it's open source, you're not living under a Sun or MS dictatorship. If you don't like what Linus is doing, either maintain a separate set of patches or fork the kernel. I mean Jesus, SuSE patches the vanilla kernel, RedHat patches the vanilla kernel, Mandrake patches the vanilla kernel, and want to know what ... I maintain a set of patches that I apply to my SuSE patched kernel sources *SHOCK*. Just because Linus refuses a patch doesn't mean the end of the f-ing world is neigh.
If I'm running 2.6.8, and a new bug comes out, I'm forced to either A) upgrade to the most recent 'stable' kernel, introducing new features about which I know nothing, and which themselves may be security problems, or B) can hope that someone will backport the security fixes to the kernel version I'm running. I don't know enough about kernel development to patch it myself, but I can no longer just drop in the most recent stable kernel and expect it to work unchanged.
A sysadmin's most precious commodities are time and attention. With this new development model, suddenly I am forced to either pay a great deal of attention (and a great deal of time) to each and every version of the Linux kernel, or I need to pay a vendor to do it for me.
The kernel developers are, in my opinion, shirking their single most fundamental duty... to ship a stable, secure product. Suddenly, because it's easier for them, they have abrogated the fundamental contract, that they will write great software. (buggy, insecure software is not great, no matter how many features it has.) They just wave their hands vaguely in the air and say tha the distributions will take care of those problems.
Guys, it's not gonna happen. The way you get stable software is by not adding features. In your case, by branching off to 2.7, and letting us beat the unchanging (except for bugfixes) 2.6 tree to death. If you keep adding features, you keep adding bugs. That's how it works.
You had this NAILED for years and years... there is a huge community that has built up around the fundamental social contract that even numbered kernels are as stable and secure as you know how to make them, and the odd-numbered branches are the home for new code and new features. Changing that contract simply becuase it makes your lives mildly easier is a hugely destructive idea. You may save yourselves a bit of work, but you create an enormous amount of it for everyone else.
Ted T'So said:
In other words, he thinks it's perfectly fine if only 1 out of 3 'stable' kernels are actually stable.This is not acceptable.
You can bet that Bill has a big grin on his face about this one. If I want new features with my security fixes, I might as well choose Microsoft and their service packs.
Heck, they even have a QA team!
And I'll aggree with you about that mindset and hipocrisy too. That's what ticks me off too. The doublespeak and double standards, where the same thing is a hanging offense if it's in Windows, but normal and doesn't even really need a fix if it's in Linux.
But just to add a couple of minor details:
A) I'd argue that Microsoft didn't start secure and slowly get down the drain. They started by ignoring security outright.
E.g., if I remember right, for example, the file server security in NT 3.5 and the pre-SP1 NT 4.0 was entirely in the client. Yes, the client was supposed to check for itself if it's allowed to access a file, and if not, back down. However, if the client was not that nice, it could go ahead and request the file anyway... and get it.
E.g., MS Bob, in the name of userfriendliness, asked you to change the password if you miss-typed it 3 times. No, not if you successfully logged in after mis-typing it 3 times. That's it. Three failed attempts in a row, and you can set a new password.
Etc. I could go on for ever, but these are ludicrious enough to illustrate the point: MS didn't start making a compromise here and there. It outright ignored security until it bit them in the ass.
B) But to be fair, so did everyone else, and some still do.
E.g., it's not a case of Linux eventually getting as insecure as MS Windows. Linux already _was_ less secure than Windows, oh, say around the time Windows 2000 was released.
Sorry, I'll probably annoy the pinguinistas, but taking a Linux system as root online back then, meant you had a script kiddie logged in withing hours at most. _And_ most distros made the same MS mistake of installing and starting every possible service by default, and no firewall either. I know my SuSE systems got Apache, MySQL and God knows what else if I didn't uncheck those at install time.
It took some code reviews paid for by RedHat and the like, before Linux was anywhere _near_ secure.
C) Basically, sad to say, much as nerds balk at "clueless lusers" running without a firewall or MS for having exploitable bugs, most are just as clueless themselves when it comes to writing secure code.
And I don't mean just bugs or lack of communication ("oh, I thought YOUR function checked the buffer length already.") I mean outright lacking even the most elementary clue about secure design, and not giving even the bare minimum thought to what could happen.
Just as end lusers think they're safe without a firewall because they don't directly see the script kiddie breaking in, coders tend to ignore the unseen threats just as well. Mentalities like "oh, surely noone will edit the id in the URL and make themselves superuser" are the norm, not the exception. Or at most they'll repeat mantras they've heard before, without even understanding what those mantras mean.
It's not even a MS vs Linux thing. Windows, Linux, Solaris, whatever. Unless you have some security minded people trying hard to find a bug or way in, you end up with a catastrophe. The average coder's work is a heap of security holes waiting to be exploited.
A polar bear is a cartesian bear after a coordinate transform.
If you're running a server, then you should rip out everything you don't need.
... but why bother if there wasn't a problem on the test box?
If you aren't running it, you don't need to patch it.
Which only leaves the security/bug fixes for what you do run. Do I worry about a "reboot test" after I upgrade perl? No. Why should I?
On my Debian systems, the only patch that requires a reboot is a kernel upgrade.
A "reboot test" might still be a good idea, in the 0.0001% of non-kernel situations where it would show a software problem
I'd rather not reboot my boxes because that seems to be when the hardware fails. Much as most light bulbs that blow seem to blow when you turn them on.
What the standard Unix (and Windows) model is discretionary access control.
What this means is that your access is based on your UID and GUID. If you have permission or not to access a file.
You are confusing Mandatory Access Control (which Windows and SELinux both have), and Rôle Based Access Control (which SELinux has). Mandatory Access Control simply means that objects have access control associated with which is defined by system policies, rather than by users. In Windows NT, members of the Administrator group can set MAC policies. In FreeBSD (and TrustedBSD), they can be set by the root user.
Rôle base access control means that permissions can be assigned to users in certain rôles. This allows users to have different permissions depending on their current mode of operation. This is what you explained in your post.
Fine grained access control at a kernel level is always preferable to coarse-grained access control (with the possible exception of performance-critical systems), since it can always be wrapped by coarse-grained interfaces at a higher level if simplicity is required.
I am TheRaven on Soylent News
I experience the same feeling with S-ATA. There is an obvious issue with the S-ATA driver, which leads to data corruption with many drives and controlers (especially the Silicon Image 3112). But rather to stick on this problem until it's resolved, developers seems to continue in the "it's the hardware's fault" kind of statements. Nevertheless, one of my colleague, a NetBSD expert, tells me that this data corruption with S-ATA does not appear on NetBSD. And when I look in NetBSD mailing lists, I found nothing about data corruption on NetBSD. So what's next for Linux?
RIP Slashdot. I used to love you. dead account - but slashdot wont let me delete it.
- How much have you paid Linus, Alan Cox, Andrew Morton, et. al., directly?
- Did they make any promises to you about the reliability or stability of the kernel?
- Take a look at the GPL, particularly that explicit disclaimer of all warranties. Did Linus send you a certified mail letter in which he waived that clause for you?
- Did you get certified mail waivers of that clause from all the other kernel developers?
- I'm sorry, I didn't hear you the first time--how much did you pay Linus, himself, directly?
- Does Linus give you binaries only of the kernel, and thus make you dependent on him?
- Does Linus give you source code, and thus give you the option of auditing code yourself?
- Have you done your own code audit?
Just a few simple questions, really. Because before you go about saying that Linus, or any other kernel developer, or any other Free Software developer, has a duty to you, I'd like for you to know what duty means.Duty means a debt is owed.
So--as a result of the community giving you, at no cost, generous license to literally hundreds of millions of dollars of intellectual property... they owe you something? Because they gave you a gift?
I don't know where this false sense of entitlement within the community arose, but I really hope it goes away soon. You aren't entitled to anything. You aren't entitled to the sweat of my brow, the labor of my hands, the product of my mind--but when I release something under a free license, I give you those things. I say "here, have something; I made this. I want to give it to you."
And what are you doing?
Looking the gift horse in the mouth.
OK, everyone, take a deep breath, calm down, and say it with me: "Linux is not dead. This is not the death of Linux"
It's going to take more than a couple of articles to bring about the demise of Linux. There are definite reponsibilities and issues that need to be addressed in Linux, as there always will be in any project of any size. Let's all just support our OS, and make sure that we make it known that it's important to us that these issues are addressed. A few negative articles are not going to kill OSS, and Linux has a way of weathering problems. Relax, and support the developers so they can get on with fixing the problem(s).
-Jay
I bet that Linux has alot better device-support out of the box than Windows XP or Windows Server 2003 has. Windows relies on third-party drivers that may or may not work, whereas in Linux they are already in the Kernel, where they receive more attention than third-party drivers would receive. And that's thanks to Linus's stance on drive ABI's. Without that, we would have a kernel that had minimal device-support and which needed flaky third-party drivers just to get a functional system. And those drivers would only work on x86-systems. Why would the OEM's spend time developing driver for PPC or Sparc, since those are niche-systems? But since they are in the kernel, they work on more exotic architectures as well.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
But it is important to understand that one can't just pick up the "Bat Phone" and have Linus or Andrew on the other end. Those days are gone.
- sbergman27, [http://lwn.net/Articles/118251/]
These PaX "security experts" whine and complain like script kiddies. No wonder.
I think the real point is made that distro volunteers and employees are more likely to implement a patchset for security reasons. Also, this is in the best intrests of the community, by limiting the amount of direct communication forced upon our Overlord and Savior, and also because most of us are using a distro. If a distro has a security patchset and the vanilla kernel is left with holes, surely someone will take notice and go through the proper channels, doing all that hard contacting work for you.
SIGERR: laziness exceeds quota
Some of these bugs, according to the article, have been around for ages, so the new dev model isn't to blame. But Linus and Andrew didn't even respond to these critical vulnerabilities....
Just go ahead and create a 2.7 branch, and then assign a maintainer to the 2.6 branch and let it stabilize. I don't see any reason for not doing this.
Buses stop at a bus station
Trains stop at a train station
On my desk there's a workstation....
You're absolutely correct in what you say.
:)
2.6 is currently a developer's dream and an administrator's nightmare.
It is a smoking pile of bleeding edge patchwork. It can do everything in double time and brew coffee concurrently, but it cannot serve a file reliably (for example - as outrageous as it sounds that last part is actually the truth).
The absolute major top-1 problem is the huge flux of patches; 4000 changesets between 2.6.9 and 2.6.10... One kernel fixes maybe 100 bugs and introduces the same number along with a heap of new features while it deprecates a few old interfaces.
If 2.6.5 is the latest stable 2.6 kernel for one particular use (which I know for a fact that it is for some uses), you're stuck with a local root vulnerability because most likely 2.6.11 which may have a fix for this one bug will crash with that workload (as 2.6.6-2.6.10 did).
And the examples I'm pulling out here (file serving and many unstable kernels in a row) are not unreported problems. They are not new problems. They have been worked on, partially fixed, etc. etc. but with the development model as it is, you just cannot expect fixes to have a very long life-time.
It is very very sad. But I think it will change as someone realizes how bad the situation is. Probably half a year or so from now, when people start getting really annoyed that you *still* cannot route, web-serve or file-serve in any significant volume with Linux 2.6.
Until then, it's Linux 2.4 and Solaris - both slow compared to 2.6 maybe, but at least they stay up over night
Nobody contacted the vendors that I can find, or the official security reporting list for the kernel, or CERT, or any other such body as would be good practice. Apparently they lobbed a private mail at Andrew and it got lost.
The thing that is "retarded" is the fact that a huge security hole can slip through the cracks if Linus doesn't check his voluminous email.
Linux isn't just a hobby toy anymore. If Linus is holding on to things too tightly, he's doing himself and the community a disservice.
Conformity is the jailer of freedom and enemy of growth. -JFK
I bet that Linux has alot better device-support out of the box than Windows XP or Windows Server 2003 has.
Absotively.
Windows relies on third-party drivers that may or may not work, whereas in Linux they are already in the Kernel, where they receive more attention than third-party drivers would receive.
More attention than from Microsoft? Certainly. More attention from the people selling the hardware in question? I would hope not, for the company making it's sake. The fact of the matter is that it is critical to their business, and that most windows drivers work, and work well. It doesn't matter if you're OEM or retial, if you make doohickeys for Dell, and customers complain to Dell, Dell will complain to you.
When you think it over though, that makes it better not to have closed source drivers for Linux. Why? Because Linux just isn't critical to their business. Having half-assed buggy, obsolete drivers that the developers can't fix would make the situation worse, not better. Not having a stable ABI is the lesser of two evils, but it is a drawback, not a strength.
You must understand that to users, putting in a CD to install the drivers is a non-issue (particularly if the task involves installing something *gasp* inside the case). If I thought Linux could get the same level of support as a Windows driver, I would recommend he did. But if Linux was that important, they couldn't afford not to support it anyway. So by the time you have the momentum to make an ABI work, you don't need it. Ironic, isn't it?
Live today, because you never know what tomorrow brings
One has to remember that the linux exploits are much harder to actually take advantage of than the windows exploits. Linux security holes, although serious, one must first gain access to the physical terminal, then have the time needed to actually use the exploit, as opposed to writing a webpage or powerpoint file that someone merely has to open to become a zombie. Linux needs fixing at times, however the security holes are in comparison, not as serious as those Windows users encounter almost daily.
These kinds of security problems leave the door open for someone else to determine the future of Linux.
You've just handed Microsoft a huge Public Relations goodie that they can beat to death as definitive proof that Linux fails to promptly fix security bugs. And now it can be extended to a universal problem with all Open Source Software. And now everything is back to being Microsoft or Death.
Sure I exaggerate, but don't you think others will try to do the same?
I don't know if the guy from GRsecurity can be classified as an asshole or not. I have found a lot of people who do post security patches tend to be very arrogant buttholes, but I've never met the guy. So there's some room here to determine just who's the bitch now.
But if these are real security holes and have been around this long, we've lost a tremendous edge on what advantage Linux has been able to claim in the past. The door is open.
My guess is that the best candidate is going to be OpenBSD or one of the other BSD's. It wouldn't surprise me. As something goes mainstream, it's political fat starts to overwhelm it's technical agility. To prevent this you have to fight very hard. Feature Creep is one name for this phenomenon. It could be argued that Linux has become focused on providing new and interesting features over old and boring performance expectations. This is to be expected as more people start pressing for wish list features and begin to ignore the original problems of security and stability. If you've ever wanted to see this in action - watch Debian. People are bitching now that Debian Unstable should be the defacto distribution version today and just wave their hands in dismissal when someone complains about packages breaking in Unstable. Apparently they too have accepted inherent stability problems in lieu of stability.
This is dangerous for all organizations who do this. As the foundation is ignored, you will start to permit some really illusive bugs into the system.
Similar extensions can be found when comparing Debian's Stable to Mandrake et al. Debian tends to be much slower on new developments, but they have a very good track record for basic performance. Similarly OpenBSD has it's software/hardware limitations, but it's definitely secure.
And any arguements regarding the security of a system as installed from the distro-provider is pretty much BS. They have each decided to install towards a target audience. To expect to be able to execute an installation on an unprotected machine and have no security holes appear at any point in the process is more trouble than it's worth. The price of doing an installation behind a firewall is far lower and a waste of development resources.
If you don't like what Linus is doing, either maintain a separate set of patches or fork the kernel. I mean Jesus, SuSE patches the vanilla kernel, RedHat patches the vanilla kernel, Mandrake patches the vanilla kernel, and want to know what ... I maintain a set of patches that I apply to my SuSE patched kernel sources *SHOCK*.
Yes, I'm shocked that you assume people have no life and can maintain a set of patches for their kernel just like you do. Sure, with Linux, I'm free to fork it, but I'm also free to write the next great epic novel. I leave you waiting in suspense, I guess, for my novel to appear in the book stores (I hope you are patient!).
-- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
Personally, I switched from grsecurity to SELinux shortly after the incident linked above. While Brad may in fact be quite skilled, I've simply lost trust in him and, by extension, his project.
not plane, nor bird, nor even frog...
Nobody gives a fuck about MS Bob itself, but it's a glaring example of the fact that MS didn't give a shit about security to start with. It extends to all their products as well.
Want non-Bob examples?
How about the NT file security I mentioned in the same post? That _is_ a corporate product, and was pushed as a corporate product. That design is so cretinous, idiotic, lobotomized and clueless, that there aren't enough words to that effect in the dictionary to express it.
How about the password protection for MS Office documents? It could be "cracked" in milliseconds flat. In fact, at least one company selling programs that allowed people to unprotect their files went on record to say that they built a delay in their program to look like there was _some_ effort involved. And yes, those were and still are pitched at businesses, not at clueless home users. (See the "Small Business Edition" variant thereof.)
How about Hotmail? That wasn't a decade ago, and a you could access anyone else's mail on it without even much effort involved.
How about the endless stream of buffer overflow exploits in _all_ MS products, because MS cared more about benchmarks than about security? Yay, their products were a few milliseconds faster, at the cost of being insecure.
Etc, etc, etc. As I've said, the list really is a mile long.
So you can get off the high horse, you know. It's not about Bob itself. It's just a clear cut case of MS not giving a shit about security in _any_ of their products until very recently.
A polar bear is a cartesian bear after a coordinate transform.
Absolutely friggin brilliant. Because we all know no one ever fakes their idenity in IRC. You sir are a genius!
Time with some corrections for a default OpenBSD install ;-) First fingerd is not started, and has not for quite some time. Sendmail is started, but only listen on localhost. From OpenBSD 3.6 you get the question during install if you want to enable sshd. Via inetd is the following enabled : ident, comsat (mail submission), daytime and time. syslog is enabled, but don't listen on UDP by default.