LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Shumway lands in Firefox

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Kernel.org's road to recovery

Kernel.org's road to recovery

Posted Oct 17, 2011 6:53 UTC (Mon) by malor (subscriber, #2973)
In reply to: Kernel.org's road to recovery by raven667
Parent article: Kernel.org's road to recovery

Unfortunately trying to separate feature from fix work didn't work as a process from the kernel developers perspective

And that, right there, is the single core problem with Linux security.

Security is hard. It means more pain during development. Separating fixes and features is a pain in the ass. But if it doesn't get done, you end up in the snarl they're in now.

Even the developers themselves can't provide secure shared access to a single Linux kernel image. How can anyone else expect to?

(Log in to post comments)

Kernel.org's road to recovery

Posted Oct 17, 2011 7:28 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]

the problem is that one person's 'bugfix' is another person's 'new feature'

especially when the bugfix can end up refactoring the code in the process.

yes, this is a big problem with Linux, but the rate of fixes (of all kinds) is the great strength of Linux. At this point nobody knows how to fix the weakness without giving up the strength. There are other OS groups (openBSD comes to mind) that seem like they follow the philosophy that you are advocating, but despite the fact that they had several years of a head start on Linux, their development models have caused them to be far less useful on current hardware. (and therefor any security benefits they may provide, far less useful)

I don't understand your comment about the kernel developers being unable to provide shared access to a single kernel image.

are you referring to the fact that there was a privilege escalation vulnerability on kernel.org? if so, any conclusions about what the problem was need to wait until we learn what happened. And in any case, the vast majority of the kernel developers were not involved in administering the systems (and note that it was several systems, not a single system)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds