KS2010: Security

Posted Nov 5, 2010 17:16 UTC (Fri) by kees (subscriber, #27264)
In reply to: KS2010: Security by mingo
Parent article: KS2010: Security

One thing I would note is that no one seems to have made the distinction between reactive security and proactive security (or I have missed it). Allowing "reactive security" to mean "security" is where the "security bugs are just bugs" culture starts from. Proactive security isn't about bugs in the code, it's about design failures. Fixing flawed design is an entirely different kind of thing.

On the reactive security front, upstream does an okay job; small obvious fixes are taken quickly, though sometimes larger fixes take some time to stew, but are ultimately taken. I'll skip talking about how fast reactive security handling by upstream has almost nothing to do with actually protecting end-users from the window of vulnerability, though.

On the proactive front, things are not as good. There has not been much distinction made between protecting userspace and protecting the kernel itself. Nearly all the proactive security work has been to protect userspace from itself, rather than protecting the kernel from userspace.

Small simple changes are done (limiting VFS, and now network, data lengths to below MAX_INT, for example), but larger architectural changes are frequently rejected or forgotten. (For example, why is module NX/RO http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-t... not in Linus's tree after 9 months? What happened to "mode 2 SECCOMP" http://lkml.org/lkml/2009/5/7/479 ?)

It seems that there is a pervasive conservatism when it comes to proactive security improvements (both userspace-defensive and kernel-defensive), and only core maintainers have the ability to change that.



KS2010: Security

Posted Nov 7, 2010 21:27 UTC (Sun) by foom (subscriber, #14868)

Kees just posted a blog entry and lkml post announcing an intention to work to push the grsec patches upstream:

http://www.outflux.net/blog/archives/2010/11/07/security-...
http://lkml.org/lkml/2010/11/7/113

Awesome!

KS2010: Security

Posted Nov 8, 2010 6:32 UTC (Mon) by Lionel_Debroux (subscriber, #30014)

Great :)

I posted three small constification patches to kernel-janitors and Cc'd LKML yesterday - but for users' protection, the authors of the patches getting in are much less important than the fact the patches _really_ get in :)
As noted by Brad above, and in my mails, non-const instances of constifiable structs have been added post-2.6.35, although these structs were already checked for by checkpatch.pl... not good.

Getting the constification patches in will reduce the number of files touched by the grsecurity patch: it's not unusual for the constification to be the only set of changes affecting a given file.
