Re: thoughts on kernel security issues

From: Linus Torvalds
Date: Thu Jan 13 2005 - 17:49:11 EST

Next message: Brian Waite: "[PATCH] ppc: fix powersave with interrupts disabled"
Previous message: Andrew Morton: "Re: [Evms-devel] dm snapshot problem"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Dave Jones: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 13 Jan 2005, Alan Cox wrote:
>
> On Iau, 2005-01-13 at 21:22, Linus Torvalds wrote:
> > Are there advantages and upsides? Yes. Are there disadvantages?
> > Indubitably. And anybody who disregards the disadvantages as "inevitable"
> > is not really interested in fixing the game.
>
> So the next time I find a remote root hole I should post an exploit
> example targetting kernel.org to the linux-kernel list ? Now where are
> you going to publish the fix - bk is down, kernel.org is down ...
>
> Disclosre isn't quite as simple as you'd like.

This is like saying "somebody will do the bad thing, it might as well be
me". I don't believe that is a basis for doing things right.

First off, I've tried to make it clear that while I believe in openness,
my beliefs are not exclusive to anybody elses beliefs. I'd rather see
shades of gray than absolute black-and-white.

Secondly, I'd much rather have the mindset where we try to minimize the
likelihood of a catastrophic failure. That includes having many
_different_ ways of gettign things out: Bk, tar-balls, email. Diversity is
a _fundamental_ security strength. It also includes having diversity in
other areas, ie multiple architectures.

I see vendor-sec as trying to treat the symptoms. It's a "take two
aspirins, call me in the morning". And you seem to not even want to
discuss treating the disease - and vendor-sec is PART of the disease. It's
the drug that people get addicted to when they decided to treat the
symptoms.

I think Linux - just by the source being open - has one real treatmeant to
one fundamental -cause- of insecurity, namely "we don't care, and we'll
put our heads in the sane". Open source just doesn't allow that mentality.

And similarly, I think truly open disclosure is another fundamental
-treatment-, in that it doesn't _allow_ the mentality that vendor-sec
tends to instill in people. Well, maybe not "treatment" per se: it's more
like admitting you have a problem.

It's like alcoholism. Admitting you have a problem is the first step.
vendor-sec is the band-aid that allows you to try to ignore the problem
("I can handle it - I could stop any day").

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Brian Waite: "[PATCH] ppc: fix powersave with interrupts disabled"
Previous message: Andrew Morton: "Re: [Evms-devel] dm snapshot problem"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Dave Jones: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]