Slashdot Mirror


Linux's Security Through Obscurity

An anonymous reader writes "The age-old full disclosure debate has been raging again, this time in no other place than at the foundations of the open-source flagship GNU/Linux operating system: within the Linux kernel itself. It beggars belief, but even Linux creator, Linus Torvalds, has advocated against the sort of openness on which Linux has thrived, arguing that security fixes to the kernel should be obscured in changelogs, saying 'If it's not a very public security issue already, I don't want a simple "git log + grep" to help find it.' Unfortunately, it's not kernel exploit writers who need to grep the changelog in order to find kernel vulnerabilities. On the contrary, it's downstream distributors who rely on changelog information in order to decide when to patch the kernels of their distributions, in order to keep their users safe."

7 of 215 comments

  1. "Sorry for RTFA"? by argent · Score: 4, Funny

    *snort*

    And I thought I'd seen every variant on the usual Slashdot in-jokes.

    You win a gold star.

  2. Re:The idealistic young become the cynical old. by neuromancer23 · Score: 5, Funny

    "Get off my lawn!" - Linus Torvalds

  3. Re:The idealistic young become the cynical old. by TheGreek · Score: 4, Funny

    Not all security-related bugs are easily identifiable as such. And even if they were, and then they were marked as such, do you really want the changelog easily greppable by them?

    "Dear God, won't somebody please think of the children?"

  4. Re:There is a great quote in the thread by dotancohen · Score: 2, Funny

    http://thread.gmane.org/gmane.linux.kernel/706950

    I think the OpenBSD crowd is a bunch of masturbating monkeys, in
    that they make such a big deal about concentrating on security to the
    point where they pretty much admit that nothing else matters to them.

    http://img136.imageshack.us/img136/7451/poster68251050mx9.jpg

    --
    It is dangerous to be right when the government is wrong.

  5. Re:Linus does not mean obfuscation by x2A · Score: 2, Funny

    I would say that those people are the vulnerability and they're the ones that need patching. Not all vulnerabilities of a system are in the code!

    --
    The revolution will not be televised... but it will have a page on Wikipedia

  6. Re:The idealistic young become the cynical old. by dotancohen · Score: 5, Funny

    "Dear God, won't somebody please think of the children?"

    Actually, as a kernel issue, this affects all the system threads.

    --
    It is dangerous to be right when the government is wrong.

  7. Re:Linus does not mean obfuscation by Davorama · Score: 2, Funny

    Haven't you seen Tron?

    --
    Davo -- Free speech, free software, AND free beer.