Ignoring the fact that this article suffers from severe lack of expertise (~"linux (the kernel) suffered from heartbleed"): The article is playing extreme positions against each other. Yes, when I am in charge of a company's security, I'd want my users to require root access (i.e. my blessing) when they want to join unknown networks - no, I would not want my parents to require my help when they want to connect to a wireless network at an airport when waiting for their flight into their holidays.
A pragmatic solution to this is a configurable policy that is determined at boot time (and immutable ever after). There is no need to discuss with the aim to reach an agreement - requirements differ and for a lot of use-cases "I don't care" is just as OK as "no fscking way" is for others.
That sounds a lot like the securelevel [1] features the BSDs have. A coarse-grained system that locks a system down with progressively stronger and stronger controls. There have been occasional discussions on the kernel mailing list on adding such a feature, but at the moment, Linus prefers the capabilities system. A shame, really, because having something to disable activities that people wouldn't do in a production system would be useful in a lot of circumstances.
This reeks of some kind of PR hit, but there's no obvious candidate for the source or motivation. The reporter gets some simple stuff wrong, like "The Linux kernel runs on the New York Stock Exchange", as opposed to a more correct usage of "Linux runs the NYSE trading" or somesuch.
It also reeks of he said/she said journalism, but the kind where you're supposed to figure out whether "he" or "she" said the truth, while the reporter mains a kind of false objectivity.
THe article seems to miss a crucial point: if everything is so screwed up, why it has been the dominant technology for 24 years? I mean, we are all still there alive and breathing.
That reminds me of when people used to say, "No one got fired for choosing IBM". Security is an area that Linux has been, and still is, weak at. There needs to be a more concerted, consistent effort to analyze code, especially old code, for security bugs. There needs to be someone a bit grumpy and a bit fucking crazy to nudge Linus and ask if there's a more secure way of doing something.
There are also areas that Linus needs to be more forthcoming about. There needs to be some notification on security holes, so firewall vendors, etc, can develop rulesets to detect and block exploitation attempts before they happen. Additionally, not notifying of security holes makes it harder to analyze whether or not one should expend the resources in testing/deploying a new kernel, or even where to start work on backporting. His desire for security by obscurity is a huge problem here, and really does need to be fixed.
This article is so poor, it's not worth reading. I know the author and publication usually have no idea what they're talking about, but if their whole point is based on their misunderstanding, then the article is just garbage. Heartbleed and shellshock have nothing to do with the Linux kernel.
If you look at what the experts say in the article, I don't think any of them say anything that means "Linux is fast, flexible and free. That comes with a security cost". In fact, I'm not sure the author of the article is even saying that, although they're certainly trying to cash in on some fear. This title is misleading.
Ultimately, I think the message of this article, that Linux out of the box isn't inherently secure, and the culture around Linux needs more focus on security, is true. But it's also being said in a vacuum, with no comparison to other platforms. Certainly the experts in question were right to have concerns about Linux security, but I'd put bet money on the assertion that they have even greater concerns about, say, Windows.
And finally, some of the problems being blamed on Linux are actually problems with the tooling around Linux and the platforms Linux is being run on. Android is inherently always going to be insecure as long as it's running with GSM, which is fundamentally broken. Heartbleed was an OpenSSL bug. And Linus is absolutely right that if you are running Linux in a nuclear power plant, you absolutely shouldn't connect it to the internet.
That's different from saying that fast/flexible/free is coming at the cost of security. The cost wording makes it sound a) causal and b) unique in this property compared to other options.
There are security weaknesses in Linux that could be fixed but haven't been. The same is true of Windows, MacOS, iOS, etc.
That's different from saying, that if you choose Linux, you have to pay the cost of lowered security.
If you know what I mean, why are you correcting me? I haven't failed to communicate my point, and you're adding noise to the signal of the conversation.
I suspect you think this makes you seem more intelligent, but in reality, it makes you seem socially inept. Don't be that guy.
I didn't mean to offend you. I just wanted to point it out for future reference. Simmer down and learn to take a correction.
> I suspect you think this makes you seem more intelligent
Nope, I'm just a Mac developer. I use OS X every day. MacOS was non-Unix operating system that ran on a PowerPC architecture. You were very far off
> it makes you seem socially inept
If you called Windows 10, Windows XP it would not be socially inept to correct you unless you were not in the tech industry. However, since this is HN, I assumed you could handle it. Sorry!
> Android is inherently always going to be insecure as long as it's running with GSM, which is fundamentally broken
So because of the mostly theoretical threat of baseband vulnerabilites, we shouldn't bother securing the software running on the application processor? What if I told you that x86 suffers from similar "there's an omnipotent co-processor with access to your memory" issues?
> So because of the mostly theoretical threat of baseband vulnerabilites, we shouldn't bother securing the software running on the application processor?
There's nothing theoretical about the attacks on GSM: there are many attacks which have been demonstrated in the wild. [1][2] [3] And while there is a hypothetical vulnerability in the fact that closed-source processors may be backdoored, at least the AES instructions included in x86 haven't been broken yet. A comparable attack to the GSM attacks would be something like viewing a plaintext transmitted over 802.11i, which, as far as I know, hasn't happened yet.
That's a pretty horrible article. There are security extensions to Linux like SELinux. There is nothing stopping anybody from forking Linux into a more secure version. That would be the best way to solve the problem.
The only result of this article is that I have a lower opinion of The Washington Post than I used to.
Well, Grsecurity did maintain their own Linux fork for the past ten years with an excellent security track record. The issue is that mainline is not interested in merging it, leaving most users vulnerable (since using a Linux fork in a production environment is something most users aren't going to do, even if there are clear benefits).
When Linus says "To me, security is important. But it's no less important than everything else that is also important!"
I believe him, but now I'm not so sure anymore with this article. This is a very disconcerting about the linux kernel, I'm totally freaked out by this article. I didn't realize that the state of security with linux has come to this.
My first linux distro was redhat 2.0. And now after almost 20 some years of using linux, I'm now going to have to switch back to Microsaft Windows!
23 comments
[ 4.2 ms ] story [ 46.8 ms ] threadA pragmatic solution to this is a configurable policy that is determined at boot time (and immutable ever after). There is no need to discuss with the aim to reach an agreement - requirements differ and for a lot of use-cases "I don't care" is just as OK as "no fscking way" is for others.
[1] http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man7/...
It also reeks of he said/she said journalism, but the kind where you're supposed to figure out whether "he" or "she" said the truth, while the reporter mains a kind of false objectivity.
All in all, not a service to anyone.
There are also areas that Linus needs to be more forthcoming about. There needs to be some notification on security holes, so firewall vendors, etc, can develop rulesets to detect and block exploitation attempts before they happen. Additionally, not notifying of security holes makes it harder to analyze whether or not one should expend the resources in testing/deploying a new kernel, or even where to start work on backporting. His desire for security by obscurity is a huge problem here, and really does need to be fixed.
I understand your point, but why is Windows a thing?
The malware problem did not affect Windows' popularity either.
Ultimately, I think the message of this article, that Linux out of the box isn't inherently secure, and the culture around Linux needs more focus on security, is true. But it's also being said in a vacuum, with no comparison to other platforms. Certainly the experts in question were right to have concerns about Linux security, but I'd put bet money on the assertion that they have even greater concerns about, say, Windows.
And finally, some of the problems being blamed on Linux are actually problems with the tooling around Linux and the platforms Linux is being run on. Android is inherently always going to be insecure as long as it's running with GSM, which is fundamentally broken. Heartbleed was an OpenSSL bug. And Linus is absolutely right that if you are running Linux in a nuclear power plant, you absolutely shouldn't connect it to the internet.
There are security weaknesses in Linux that could be fixed but haven't been. The same is true of Windows, MacOS, iOS, etc.
That's different from saying, that if you choose Linux, you have to pay the cost of lowered security.
I suspect you think this makes you seem more intelligent, but in reality, it makes you seem socially inept. Don't be that guy.
> I suspect you think this makes you seem more intelligent
Nope, I'm just a Mac developer. I use OS X every day. MacOS was non-Unix operating system that ran on a PowerPC architecture. You were very far off
> it makes you seem socially inept
If you called Windows 10, Windows XP it would not be socially inept to correct you unless you were not in the tech industry. However, since this is HN, I assumed you could handle it. Sorry!
So because of the mostly theoretical threat of baseband vulnerabilites, we shouldn't bother securing the software running on the application processor? What if I told you that x86 suffers from similar "there's an omnipotent co-processor with access to your memory" issues?
There's nothing theoretical about the attacks on GSM: there are many attacks which have been demonstrated in the wild. [1][2] [3] And while there is a hypothetical vulnerability in the fact that closed-source processors may be backdoored, at least the AES instructions included in x86 haven't been broken yet. A comparable attack to the GSM attacks would be something like viewing a plaintext transmitted over 802.11i, which, as far as I know, hasn't happened yet.
[1] http://www.gsm-security.net/faq/gsm-a5-broken-security.shtml [2] http://www.techrepublic.com/blog/it-security/gsm-encryption-... [3] http://yro.slashdot.org/story/13/12/14/0148251/nsa-able-to-c...
The only result of this article is that I have a lower opinion of The Washington Post than I used to.
I believe him, but now I'm not so sure anymore with this article. This is a very disconcerting about the linux kernel, I'm totally freaked out by this article. I didn't realize that the state of security with linux has come to this.
My first linux distro was redhat 2.0. And now after almost 20 some years of using linux, I'm now going to have to switch back to Microsaft Windows!