Slashdot Mirror


Torvalds on the Linux Security Process

darthcamaro writes "Linus Torvalds thinks that Linux kernel security disclosure should be completely open and he really doesn't like the vendor-security model of having a time embargo on security disclosure. 'I think kernel bugs should be fixed as soon as humanly possible, and any delay is basically just about making excuses,' Torvalds wrote. 'And that means that as many people as possible should know about the problem as early as possible, because any closed list (or even just anybody sending a message to me personally) just increases the risk of the thing getting lost and delayed for the wrong reasons.'"

3 of 280 comments

  1. He's right, and here's why by Anonymous Coward · · Score: 3, Interesting
    It is very, very rare that there is a security problem in the kernel that leaves you vulnerable with no work-around. Almost always, it's just a question of blocking external access to some port, external access which should usually be blocked anyway. Once that is blocked, solving the problem isn't critical. It's still important, but the net won't melt down or anything like that. Also, these kinds of things tend to get patched very quickly.

    The other reason why this is the right way to go is because we should be moving towards a model of damage containment with all forms of electronic security. Faults should be isolated. A security problem in one part of the code should not result in a total compromise of the system, even if that fault is in the kernel. That's where Linux should be heading. Part of that would be moving more stuff out of the kernel and also having less stuff running as root. The end goal would be to get rid of root entirely.

  2. No! by 91degrees · · Score: 4, Interesting

    Scenario 1: Bug is detected. Full disclosure including exploit.

    Result: Mallory uses exploit. Alice releases a bugfix, Bob applies the fix. If it takes Alice and Bob longer than Mallory, the server is compromised.

    Scenario 2: Bug is detected. Kept quiet.

    Result: Eventually Mallory detects the same bug. Exploits it. Server compromised.

    Scenario 3: Bug is detected. Released only to trusted developers.

    Result: Alice releases bugfix. Announces that it fixes a security hole. Gives general details of what the bug is. Mallory has to work out the details and exploit it. This gives Bob a lot more time to apply the patch than scenario 1.

    So what's so great about full immediate disclosure?

  3. Re:You should listen to him... by motherjoe · · Score: 3, Interesting

    I think you're damned if you do and damned if you don't.

    You're damned if you disclose: Black Hats can read the kernel newsgroups, Bugtraq, and other popular outlets just like the rest of us do.

    You're damned if you don't disclose and a breach occurs. The public will cry, "Security through Obscurity!"

    --
    "Beer is proof that God loves us and wants us to be happy - Benjamin Franklin"