Unsafe at any clock speed: Linux kernel security needs a rethink

Discussion in 'all things UNIX' started by Minimalist, Sep 27, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    http://arstechnica.com/security/2016/09/linux-kernel-security-needs-fixing/
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    731
    While Kees Cook's message is abolutely correct (that's why the Kernel Self-Protection project was founded which already yielded various security improvements in the latest kernel versions), the heading of this Ars article is rather sensationalistic and gives the impression that the Linux kernel is unsafe per se.
     
  3. Anonfame1

    Anonfame1 Registered Member

    Joined:
    May 25, 2016
    Posts:
    200
  4. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    731
    Yes, it should, particularly since many/most security improvements implemented/planned by the KSPP are motivated by Grsecurity techniques. However, I think that Grsecurity itself is not the universal solution because of too many incompatibilities.
     
    Last edited: Sep 28, 2016
  5. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    If you mention Grsecurity there you'll get down voted, not sure why but it's a very partisan crowd.
     
  6. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    Many believe in the lie that "Linux is the holy grail of security - by deafult". Try mentioning anything else and you'll crush their distorted beliefs and get agressive.
     
  7. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    Nice piece on LWN.net on the KSPP followed by a brutal back and forth between LWN staff, LWN commentators, Spender and PAXTeam. Most of the specifics is over my head frankly but it's an interesting read regardless. Surprised that there was no mention of the new Loadpin LSM in the story itself.

    https://lwn.net/Articles/698827/#Comments
     
  8. Anonfame1

    Anonfame1 Registered Member

    Joined:
    May 25, 2016
    Posts:
    200
    Spender sucks when it comes to politics. He alienates others by being an ******* and it doesnt help his cause. Unfortunately, there is bad blood between him and kernel development, and it goes way back.

    I get it though. Grsecurity/pax is fantastic and hes tired of playing games. I tend to agree that changes while positive are far from comprehensive. Its sort of like Microsoft introducing a new security feature in Windows- you have to laugh because, you know, its Windows- that little feature plugs 1 of the myriad of ways Windows can be pwned, and thats basically how Spender feels about security features being added by this new security kick.
     
Loading...