02/08/05: Linux Kernel Security is Lacking

Jason Miller wrote on Security Focus that Linux Kernel Security is Lacking.

While I don't necessarily disagree with him, I could tell from the very beginning that this was a BSD user. Not that BSD users are bad, but for some reason, whenever anybody speaks negatively about Linux security, it turns out to be not Microsoft, but a BSD user. So naturally I was a little tickled when I saw this.

Although personally I'm a huge follower of BSD-based operating systems, I keep an open and analytical mind when looking at any OS.

Hey, I love BSD too, and I do also believe that the BSDs have a better security model, which is why I have a FreeBSD fileserver, OpenBSD router, and Suse Linux desktop.

And really, Jason may be on to something here.

For the BSD-based operating systems, the point of contact can be found in a few seconds by searching for the word "security" on the official web site of the associated operating system. ... As for Linux, however, one could search through several web sites such as linux.org and kernel.org, sites associated with the Linux kernel, and find nothing whatsoever related to a security contact. Even our good friend Google will lead us nowhere fast.

I can't decide if this is a fair complaint. The biggest difference between Linux and the BSDs here is Linux is just a kernel that is built into many distributions, and the BSDs are distributions in and of themselves. For many users, the instinctive place to look for security updates is the distribution's website. Of course, getting the updates is not Jason's issue. The distributions all seem to stay on top of things in this regard, upgrading their distribution's kernel quickly. The problem is not having a definitive method of reporting security issues. I have never thought of this point since I am not a programmer, or anything near what it takes to be a kernel hacker.

Ok, I think I am leaning toward agreeing with the guy. He raises a good point, and it will be interesting to see if and how the kernel developers handle it.



Comments made

I don't mean to be littering all your blog posts with comments, but this is the first place I thought to look:

http://lkml.org/cgi-bin/htsearch?words=security

You can decide how useful that link is.

02/08/05 23:05:57

All comments are most welcome :)
I'd like to see a lot more actually.

The guy mentioned the Linux kernel mailing list, but at the time of reading it, I thought it might not be an instinctive place to look. Then, after posting, I read back about how I'm not a kernel hacker, so of course it wouldn't be obvious to me.

I guess anybody who is debugging the kernel is going to be very well aware of the mailing list.

Thanks for pointing it out, and keep on commenting!

02/08/05 23:10:38

Hey guys, I'm fairly new to Linux...I tried a few years ago but it overwhelmed me and I retreated back to the front lines of Windows (tail between my legs) trying to convince myself that it was for the better....that Linux was just a hobby.....man was I wrong.

And now that I have learnt that one of Windows' fundamental security flaws is the way it allows and encourages people to use their computer!!!! it's one of the most successful viri out there, hmph getting people to pay for it!!! wow big kudos to those hermits at the Microsoft basement. big ups

I'd really like to know a bit more about good usage that lends itself to good security...if that makes sense?

cheers for the current info as well mate...

02/09/06 09:53:24
