LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Kernel page

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for September 4, 2008

The Kernel Hacker's Bookshelf: UNIX Internals

DRI, BSD, and Linux

SCHED_FIFO and realtime throttling

LWN.net Weekly Edition for August 28, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Quotes of the week

[Posted October 3, 2007 by corbet]

We must not ignore people who tell us that "there is something wrong going on here", just because they are unable to analyze it themselves. Very often where we end up saying "we dont know what's going on here" it's likely _our_ fault. We also must not hide behind "please do these 10 easy steps and 2 kernel recompiles and 10 reboots, only takes half a day, and come back to us once you have the detailed debug data" requests.
-- Ingo Molnar

I was staring in astonishment at the pending sysfs patch pile last night. Forty syfs patches and twenty-odd patches against driver core and the kobject layer. That's a huge amount of churn for a core piece of kernel infrastructure which has been there for four or five years. Not a good sign. I mean, it's not as if, say, the CPU scheduler guys keep on rewriting all their junk.

oh, wait..

Andrew Morton

For me, given my threat model and how much my time is worth, life is too short for SELinux.
-- Ted Ts'o
(Log in to post comments)

Quotes of the week

Posted Oct 4, 2007 10:40 UTC (Thu) by nix (subscriber, #2304) [Link]

This just goes to show that Ted is not a `security professional'. Kerberos V5 and IPSec were just decade-long aberrations. You need to do more than that to be a security professional.

Um.

Quotes of the week

Posted Oct 7, 2007 1:22 UTC (Sun) by jschrod (subscriber, #1646) [Link]

Actually, working 12+ years as a security professional (as an example, I designed the security policy for the external network interfaces of the European Central Bank), I think Ted is completely right. Security is a process, and he is partly right to cite threat models.

For my work at many financial institutions, MAC models are needed, and SELinux is a nice tool there to formulate resource access policies as needed. But in many (actually, more) cases, MAC is overshoot, and - likewise - formulation and maintenance of fine-grained SELinux policies cost too much to yield appropriate return in terms of risk mitigation. And that's what IT security policies are concerned with, risk mitigation, not threat prevention.

IT security is about money, and not about some abstract program behaviour. And if security costs too much, it's not worth it. (Actually, that's a general statement, beyond IT security, its truth demonstrated by the last few years of US foreign and interior policy.) IT security is a mean, not an end in itself. This is forgotten much too often.

Quotes of the week

Posted Oct 8, 2007 19:55 UTC (Mon) by nix (subscriber, #2304) [Link]

Of course I agree. (I didn't think I'd have to wave a sarcasm flag here.)

Quotes of the week

Posted Oct 8, 2007 23:40 UTC (Mon) by jschrod (subscriber, #1646) [Link]

Well, at least I misread your statement. You might want to keep in mind that many readers here are not native speakers. If you express sarcasm with subtle hints, it might not be understood by us. A smiley here and then works wonder. ;-)

Cheers, Joachim

Quotes of the week

Posted Oct 4, 2007 13:17 UTC (Thu) by intgr (subscriber, #39733) [Link]

Regarding Ingo's comment and mailing list post, am I correct thinking that SystemTap could simply replace any explicit instrumentation code that he was talking about? Or does SystemTap have significant limitations where it cannot be used?

Quotes of the week

Posted Oct 6, 2007 23:59 UTC (Sat) by man_ls (subscriber, #15091) [Link]

I'm by no means a kernel expert, but judging from what I've read, SystemTap is not an answer: it cannot be safely enabled on production systems. Otherwise you might bring your real-time banking system down while testing a supposedly secure probe. (Also, it has to be enabled on production systems beforehand.)

SystemTap hackers will tell you otherwise, so read for yourself.

Quotes of the week

Posted Oct 5, 2007 9:34 UTC (Fri) by xav (subscriber, #18536) [Link]

100% agreed with Ted.

Quotes of the week

Posted Oct 7, 2007 0:03 UTC (Sun) by man_ls (subscriber, #15091) [Link]

Ingo's mail is very interesting. He also says:
We auto-pilot through most of the day - and that very much covers routine computer/desktop usage too. Unpredictable/noisy behavior of the computer forces the human brain back into more consious [sic] activity, which is perceived as a negative thing: it's a distraction takes capacity away from _important_ conscious activities ... such as getting real work done on the computer.)
Con Kolivas used to complain that this attitude was rare on lkml, but it seems he has a worthy successor.

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds