LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Killing bugs

Killing bugs

Posted Jul 27, 2009 12:32 UTC (Mon) by hppnq (guest, #14462)
In reply to: Killing bugs by man_ls
Parent article: Quotes of the week

Of course we (kernel users) don't want kernel developers to just fix a few exploited bugs as they come up. [ ... ] We all make mistakes; good engineering should prevent known mistakes from happening again, or at least from taking down the whole system with them. [ ... ] This is the fundamental truth which we probably all knew, but had forgotten; we have to be reminded every now and then.

I think the fundamental truths here are: 1) any usable system can be abused, and 2) all resources are limited. Laws of nature.

This then means that, if you care about actual security, it is far more important to do things like kicking pulseaudio off of your precious servers and monitoring what gets run by which user. What we need are not perfectly engineered systems -- of course it helps if developers try a bit -- but fault tolerant systems.

And then, of course, there remains plenty of time and energy to discuss full disclosure, bug class reporting, static code analysis and auditing, and how useful these are or would be. That entire discussion also revolves around laws 1 and 2, and these are also the points that people will either forget or, worse, ridicule.

Oh, and make regular backups. ;-)

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds