Linus's Thoughts on Linux Security

Rick Zeman writes: The Washington Post has a lengthy article on Linus Torvalds and his thoughts on Linux security. Quoting: "...while Linux is fast, flexible and free, a growing chorus of critics warn that it has security weaknesses that could be fixed but haven't been. Worse, as Internet security has surged as a subject of international concern, Torvalds has engaged in an occasionally profane standoff with experts on the subject. ...

His broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities — such as speed, flexibility and ease of use — in a series of inherently nuanced trade-offs. This is a process, Torvalds suggested, poorly understood by his critics. 'The people who care most about this stuff are completely crazy. They are very black and white,' he said ... 'Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about.'"

Of course, contradictory points of view are presented, too: "While I don't think that the Linux kernel has a terrible track record, it's certainly much worse than a lot of people would like it to be," said Matthew Garrett, principal security engineer for CoreOS, a San Francisco company that produces an operating system based on Linux. At a time when research into protecting software has grown increasingly sophisticated, Garrett said, "very little of that research has been incorporated into Linux."

Nailed it

'The people who care most about this stuff are completely crazy. They are very black and white,' he said ... 'Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about.'"

This nails it entirely on the head, and is why a lot of security and privacy nutters gain so little traction when dealing with the masses. Security and privacy are important, but they need to be balanced pragmatically with what people actually want to do with the system.

Re:Nailed it

He gets the message but he doesn't agree with your core ideals, there is a big difference.
Also, you accused aussersterne of putting words in Linus mouth, but here you are not only doing the same but also in an arrogant and insulting fashion.
Double irony does not cancel itself out.

I think Linus point is very clear. Security has no value by itself. It is nice, but it should never get in the way of getting the job done.
This is very similar to the reasoning that is used when considering life critical application.
Safety is nice, but if it gets in the way of getting the job done the user will disable it. Therefore safety has to be added in a way that doesn't inconvenience the user.
Luckily the kernel is open sourced so if you think that you can make a more secure kernel without hurting its functionality then you can go ahead. You certainly seem to think that you know better than others and there clearly is big money in doing so.

Matt Garret?

The same Matt Garrett that accepted a shit patch and got kicked out of Intel for it? The one that fart-farts to anyone who doesn't see his point of view? The one who deems the wholy commuinty toxic and problematic?

Garrett has no business beeing anywhere near the kernel or security issues

Holy hell is slashdot pushing the anti-meritocracy agenda here.

Re:Security as a trade-off

[Shinobi]

On the other hand, OpenBSD is perfect proof that Linus is right: The trade-off is that for the increased security, you suffer in terms of the computer being useful for other things. It's useless for anyone wanting to do 3D modelling and animation for example, or working with video editing.

Re:Security as a trade-off

[LichtSpektren]

Exactly this. Windows is insecure as fuck, but people use it because their software runs on it. OpenBSD is probably unbreachable but it's terribly useless as anything but a firewall; to use it as a general OS, you have to turn a lot of its security precautions off. Linux (and by that I mean "GNU/Linux" e.g. RHEL, SUSE, Debian; not Android) gives us a healthy balance between usefulness and security. That's why almost every webserver runs Linux.

My Experience, Too

I've been involved in IT security in one guise or another since 2002. The single most important thing I have learned about IT security was learned attending a security conference where Bruce Schneider was one of the speakers. His one-sentence line has always stuck with me: "Security is a process, not a product." This one sentence changed the entire way I see security and, as a result, I am free to make better decisions about what I'm doing and why because I'm not focused on say, a firewall, or a router, but how everything in the LAN/WAN works together, balancing the needs of everyone from HR to the nerds in the darkened basement.

Yup. And when security is a key to operational

[aussersterne]

goals, this is close to what happens. Where truly "hard" computing is necessary, resources are disconnected from networks, etc. People know which side their bread is buttered on, they're not fools. Sure, security is an important "nice to have" but it's not bigger than the task at hand in most cases.

Witness how the public continues to use cloud services, social media services, online commerce, and mag-stripe credit cards, despite regular breaches. They'll bitch and moan, but they're not going to stop doing their stuff.

Similarly, notice how Linux effectively rules the world as THE key component of network and mobile space infrastructure, even dominating big chunks of consumer space (i.e. Android). And meanwhile, OpenBSD is an asterisk.

People want security, sure, but they're not going to choose to martyr themselves (or their projects or tasks) to it. Linus is a pretty smart guy at the end of the day.

Re:Linus isn't trying to make it black and white.

[The-Ixian]

Yes, I administer a small network of about 150 bodies and roughly double that number of devices.

I take security seriously.

However, there are trade offs.

For example. I *could* implement a sandbox environment for all apps, do application whitelisting, strip attachments and links from e-mails and a bunch of other stuff... but these things add complexity and reduce productivity as they inevitably run head-on into usability.

As it is, I do everything reasonable to avoid the worst, but security is definitely second fiddle to productivity.