Defense in depth

Posted Sep 26, 2011 14:24 UTC (Mon) by smurf (subscriber, #17840)
In reply to: Defence in depth by malor
Parent article: A kernel.org status update

Face it. No system out there is 100% secure. There'll always be another bug to exploit to be found; the kernel is too complex for anything else.

Therefore, a good risk mitigation strategy is to reduce the attack surface. A bug is found that's only exploitable with shell code? Fine, if the machine doesn't give you a shell, you're safe. (Unless you find a bug in another program you can access which has a bug that gives you a shell.)

This is not Linux specific. Every other nontrivial OS out there exposes you to the same set of risks, more or less.

A real vote of no confidence would be if they chose to run kernel.org on *BSD …


Defense in depth

Posted Sep 27, 2011 16:14 UTC (Tue) by nix (subscriber, #2304)

A real vote of no confidence would be if they chose to run kernel.org on Windows 7.

Defense in depth

Posted Sep 29, 2011 21:45 UTC (Thu) by cdmiller (subscriber, #2813)

Perhaps OpenBSD...
