
Killing bugs


Posted Jul 25, 2009 0:37 UTC (Sat) by man_ls (subscriber, #15091)
In reply to: Which is which by nix
Parent article: Quotes of the week

Of course we (kernel users) don't want kernel developers to just fix a few exploited bugs as they come up. What we really want (and have got a taste of in this situation) is developers to close gaping holes and eliminate whole categories of errors. People are integrating protections against Brad's clever exploits at all levels; and as it happens the main bug exploited here had been reported by Coverity, so maybe kernel devs will listen to these reports. It might take a few more exploits but Brad has got their attention now.

We all make mistakes; good engineering should prevent known mistakes from happening again, or at least from taking down the whole system with them. Two buffer overflows is one too much. This probably means doing work at several different levels (language, compiler, memory libraries, code checkers, audit tools, security modules), but we will all be better off for the next round of attacks, which may come from less benign sources. This is the fundamental truth which we probably all knew, but had forgotten; we have to be reminded every now and then.



Killing bugs

Posted Jul 27, 2009 12:32 UTC (Mon) by hppnq (guest, #14462)

Of course we (kernel users) don't want kernel developers to just fix a few exploited bugs as they come up. [ ... ] We all make mistakes; good engineering should prevent known mistakes from happening again, or at least from taking down the whole system with them. [ ... ] This is the fundamental truth which we probably all knew, but had forgotten; we have to be reminded every now and then.

I think the fundamental truths here are: 1) any usable system can be abused, and 2) all resources are limited. Laws of nature.

This then means that, if you care about actual security, it is far more important to do things like kicking pulseaudio off of your precious servers and monitoring what gets run by which user. What we need are not perfectly engineered systems -- of course it helps if developers try a bit -- but fault tolerant systems.

And then, of course, there remains plenty of time and energy to discuss full disclosure, bug class reporting, static code analysis and auditing, and how useful these are or would be. That entire discussion also revolves around laws 1 and 2, and these are also the points that people will either forget or, worse, ridicule.

Oh, and make regular backups. ;-)
