Slashdot Mirror

← Back to Stories (view on slashdot.org)

Torvalds On Pluggable Security Models

Posted by kdawson on from the plain-speaking dept.

eldavojohn writes "The KernelTrap highlights an interesting discussion on pluggable security models including some commentary by Linus Torvalds. While Torvalds argued against pluggable schedulers, he's all for pluggable security. Other members were voicing concerns with the pluggable nature of the Linux Security Model, but Torvalds put his foot down and said it stays. When asked why his stance was different between schedulers and security, he replied, 'Schedulers can be objectively tested. There's this thing called 'performance,' that can generally be quantified on a load basis. Yes, you can have crazy ideas in both schedulers and security. Yes, you can simplify both for a particular load. Yes, you can make mistakes in both. But the *discussion* on security seems to never get down to real numbers. So the difference between them is simple: one is hard science. The other one is people wanking around with their opinions.'"

2 of 216 comments (clear)

  1. If you read all of it ... by golodh · · Score: 5, Informative
    Perhaps if people read all of Linux's email they would be more understanding and less quick to condemn him.

    His complete email reads:

    Schedulers can be objectively tested. There's this thing called "performance", that can generally be quantified on a load basis.

    Yes, you can have crazy ideas in both schedulers and security. Yes, you can simplify both for a particular load. Yes, you can make mistakes in both. But the *discussion* on security seems to never get down to real numbers.

    So the difference between them is simple: one is "hard science". The other one is "people wanking around with their opinions".

    If you guys had been able to argue on hard data and be in agreement, LSM wouldn't have been needed in the first place.

    BUT THAT WAS NOT THE CASE.

    And perhaps more importantly:

    BUT THAT IS *STILL* NOT THE CASE!

    Sorry for the shouting, but I'm serious about this.

    Al I alone in thinking that Linux basically says:

    "Look I'm no security expert, and I'd be happy to follow your collective expert guidance if only:

    (a) you could quantify what you're saying and turn it into engineering instead of a religious argument

    (b) the lot of you could agree on *one* set of guidelines/features as being best all-around

    Unfortunately it appears you can't do either. That being so, I'm not going to burn my fingers and blindly choose one security boondoggle over all the others. I'll just make them pluggable so that every one of you can have his own personal security system. End of discussion. Now go away and be happy."

  2. Re:Spot on Torvalds... by RedWizzard · · Score: 5, Informative

    So, no, security folks are not "wanking around" as some specific asshole seems to claim, they are using the best tools available to evaluate adequacy of different security solutions. Those that do not get this are not getting what security is about and what the state of the art is. These people should better stay far away from security-relevant decisions and let people that at least understand present technology in that area make the decisions. If you actually read the article instead of just reacting to the sensationalist quote you'd know that this is exactly what Linus is saying. Security people don't agree and he is not qualified to make a decision so modularization needs to stay. In the case of the scheduler he feels he is qualified to make decisions and has done so. However he does bemoan the fact that the arguments presented by the security experts often don't make a lot of sense. This is where the "wanking around" quote comes from.