Kernel.org's road to recovery

Posted Oct 13, 2011 18:32 UTC (Thu) by raven667 (subscriber, #5198)
In reply to: Kernel.org's road to recovery by malor
Parent article: Kernel.org's road to recovery

> And it makes the Linux kernel look more secure than it actually is, which is another form of lying by omission.

I just have to respond to this one thing. The kernel announcements and general discussions have been pretty open about the belief that it is _less_ secure than many people would like. Just the other day, in a discussion about containers and namespaces, major kernel developers' comment was that it wasn't worth the effort to increase security separation between containers because there will always be local root exploits that will break separation.

The kernel developers do not appear to be trying to claim more security by omission, they are explicitly claiming less.



Kernel.org's road to recovery

Posted Oct 14, 2011 1:29 UTC (Fri) by malor (subscriber, #2973)

> major kernel developers' comment was that it wasn't worth the effort to increase security separation between containers because there will always be local root exploits that will break separation.

Well, that's good in the sense that they're admitting there's a big problem. But I would argue that if they can't keep user accounts secure from gaining root access, then there's really not much point to even HAVING user accounts. If your summary is accurate, there's no way you can safely use Linux to share access between potentially hostile accounts on one kernel. You can sorta do it through virtualization, but running an entire kernel per user is a hell of a lot of overhead to carry around.

Security is probably the hardest problem in computing, and if they are indeed saying "there will always be root exploits", it sounds like they're giving up on the idea entirely. They want to make it go fast, and security be damned.

This is something that people need to be very aware of; that wording makes it sound like they're throwing in the towel. If so, Linux is no longer appropriate for many use cases, particularly when lives are at risk.

Kernel.org's road to recovery

Posted Oct 14, 2011 3:10 UTC (Fri) by dlang (✭ supporter ✭, #313)

They are working to fix any problems they find as fast as they can.

The kernel developers are not giving up.

There was one person who made the claim in the discussion on containers that containers were not good enough, but on the other hand, I'm one of the people who says that virtualisation isn't good enough isolation for some applications due to possible bugs in the hypervisor. It all depends on how much security you are going for.

This is part of the reason that SELinux is optional.

Kernel.org's road to recovery

Posted Oct 14, 2011 7:14 UTC (Fri) by anselm (subscriber, #2796)

> Security is probably the hardest problem in computing, and if they are indeed saying "there will always be root exploits", it sounds like they're giving up on the idea entirely.

Not necessarily. Maybe they're just being realistic while they're trying to fix problems as they are discovered (and prevent them where they can).

With a program of the size and complexity of the Linux kernel, I would be very sceptical of anybody claiming the logical opposite, namely that »there will never be even a single root exploit«. Not even the OpenBSD folks subscribe to that kind of hubris ;^)
