| |||||||||||||
The 3.8 kernel is outThe 3.8 kernel is outPosted Feb 19, 2013 6:23 UTC (Tue) by baruchb (subscriber, #6054)Parent article: The 3.8 kernel is out
Small patch? You mean this? http://git.kernel.org/linus/7c45512df9. Smells like a security fix in disguise. Any more details on this "small patch"? Like what are those "very specific kernel command line options"?
(Log in to post comments)
The 3.8 kernel is out Posted Feb 19, 2013 8:51 UTC (Tue) by zwenna (subscriber, #64777) [Link]
> Small patch? You mean this? http://git.kernel.org/linus/7c45512df9. Smells like a security fix in disguise. Any more details on this "small patch"? Like what are those "very specific kernel command line options"?
In http://lkml.org/lkml/2013/2/13/149 Ingo Molnar first described his problem, mentioning these options:
CONFIG_CMDLINE="nmi_watchdog=0 nolapic_timer hpet=disable idle=poll highmem=512m acpi=off"
The 3.8 kernel is out Posted Feb 19, 2013 17:36 UTC (Tue) by iabervon (subscriber, #722) [Link]
While it's hard to say that any bug doesn't have security implications, a bug in code that is removed from memory before the kernel starts init is a good candidate. Once the kernel boots, either the state is consistent or its not, and an attacker can't do anything to make the situation worse or better. For that matter, the system is highly unlikely to manage to give any users access to anything before crashing.
The 3.8 kernel is out Posted Feb 19, 2013 17:55 UTC (Tue) by PaXTeam (subscriber, #24616) [Link]
> While it's hard to say that any bug doesn't have security implications[...]
didn't lwn's resident security experts assure us in the not so distant past that all bugs were security bugs?
The 3.8 kernel is out Posted Feb 20, 2013 0:02 UTC (Wed) by tialaramex (subscriber, #21167) [Link]
Sure, essentially all bugs are security bugs. That follows trivially from the fact that security isn't one-size-fits-all and the fact that bugs are deviations from intended behaviour. Somebody's security assumptions might have depended on the intended behaviour, the deviation violates their assumption, a security hole is a potential consequence.
We see this in real world security too. If the security policy relies on assumptions about employees obeying other policies (e.g. safety policies) then in fact those policies are an element of your security policy, deviation from them can have security consequences.
The 3.8 kernel is out Posted Feb 20, 2013 0:40 UTC (Wed) by PaXTeam (subscriber, #24616) [Link]
so 'security' isn't a well defined term but 'bug' is? but then 'security bug' should be well defined (as it's a subset of 'bug') and at the same time not well defined since it's 'security' related. logic fail i'm afraid.
The 3.8 kernel is out Posted Feb 20, 2013 1:22 UTC (Wed) by neilbrown (subscriber, #359) [Link]
> so 'security' isn't a well defined term but 'bug' is?
Good call. "bug" certainly isn't a well defined term. The distinction between "bug" and "feature" is that that later is documented. Or wanted. By someone. Hopefully.
One person's bug is another person's fascinating invertebrate.
Just like one person's security is another person's inconvenience.
The 3.8 kernel is out Posted Feb 20, 2013 2:14 UTC (Wed) by PaXTeam (subscriber, #24616) [Link]
> The distinction between "bug" and "feature" is that that later is documented.
if it was that simple... ;). the classification of some 'things' changes over time in both directions, regardless of documentation (and then to add insult to injury, there're documented bugs ;).
The 3.8 kernel is out Posted Feb 20, 2013 10:06 UTC (Wed) by dgm (subscriber, #49227) [Link]
And let's not forget bugs in documentation itself...
The 3.8 kernel is out Posted Feb 20, 2013 13:08 UTC (Wed) by nye (guest, #51576) [Link]
I'm a fan of the maxim that if the code and documentation disagree, then they are both wrong.
The 3.8 kernel is out Posted Feb 21, 2013 13:29 UTC (Thu) by nix (subscriber, #2304) [Link]
Likewise, having worked in places where I was explicitly instructed that if they disagreed, they were both right (yes, really: they contradicted each other, and disobeying the docs would cost money, so *obviously* we had to obey the docs: but changing the existing not-as-documented behaviour was out of the question! sigh.)
The 3.8 kernel is out Posted Feb 20, 2013 13:17 UTC (Wed) by Wol (guest, #4433) [Link]
You've forgotten fleas ("man mutt" for those too young to remember...)
Cheers,
The 3.8 kernel is out Posted Feb 20, 2013 5:54 UTC (Wed) by paulj (subscriber, #341) [Link]
No, a poorly defined subset of a well-defined set is still a poorly defined subset.
The 3.8 kernel is out Posted Feb 20, 2013 22:51 UTC (Wed) by PaXTeam (subscriber, #24616) [Link]
if a subset is not well defined, then the encompassing set can't be either. that's exactly the logic fail i pointed out, he assumed two contradictory things as did you ;).
The 3.8 kernel is out Posted Feb 21, 2013 1:17 UTC (Thu) by SEMW (guest, #52697) [Link]
> if a subset is not well defined, then the encompassing set can't be either
That's trivially false. E.g. 'the subset of Real numbers which have a 9 in their decimal representation' is not a well-defined subset (since decimal representations aren't unique), but the Reals are certainly well-defined. Paulj is right.
The 3.8 kernel is out Posted Feb 21, 2013 1:45 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]
the set of reals is an 'infinite set' (where the very concept of infinity itself is not well defined), whereas the set of software bugs is a finite set (because we have a finite amount of code in real life) so your (counter?) example has nothing to do with the situation under discussion. but for all i care, we can discuss infinite sets as well. start with that 'well defined' definition of reals (whose set theory are you going to use btw? ;), then also define what 'well defined' means then also define what 'defined' means. i think you're going to lose this argument, but don't let me stop you from trying ;).
The 3.8 kernel is out Posted Feb 21, 2013 3:55 UTC (Thu) by SEMW (guest, #52697) [Link]
The claim I objected to was "if a subset is not well defined, then the encompassing set can't be either". I gave a toy example to show that it's false. If I'd known you objected to almost all of modern real analysis, from infinite sets to the definition of the reals, I'd have picked a different one. (The example I gave pretty obviously works just fine with any other set as the starting point in place of the reals, finite or infinite).
No, I'm not going to teach you an introductory course in analysis in a reddit comment. Pick up a book. Suffice to say that there are several definitions of the reals and they are provably equivalent. Start at http://en.wikipedia.org/wiki/Construction_of_the_real_num... .
As for what 'well-defined' means for subsets: Let a subset X of a set S be "well-defined" iff there is a single-valued function that maps every element of S to {T,F} such that x maps to T iff x∈ X. (I'm not sure why you're asking me this now - if you didn't know what it meant, why did you make the claim you did?)
> I think you're going to lose this argument, but don't let me stop you from trying ;).
You may have a point there. I'm arguing the trivial with someone who objects to real analysis. I think I was doomed to fail before I began typing.
The 3.8 kernel is out Posted Feb 21, 2013 12:20 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]
> The claim I objected to was "if a subset is not well defined, then the encompassing set can't be either".
see, that was your problem. you picked a statement out of context and then attacked it (with a poor example at that). see my response to 'dark' below for what you missed.
PS: i'd like to see your single valued function that well defines 'bug', you'll be richly rewarded by all software companies in existence.
The 3.8 kernel is out Posted Feb 21, 2013 13:32 UTC (Thu) by nix (subscriber, #2304) [Link] PS: i'd like to see your single valued function that well defines 'bug', you'll be richly rewarded by all software companies in existence.We have one! Since every single line surely contains either a bug or a design error (given enough change in specifications over time), every line contains a bug. What we need is a way of identifying the bugs that matter now, or might matter soon. And that is harder.
The 3.8 kernel is out Posted Feb 21, 2013 13:57 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]
what is the bug in line 3 in http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;... ?
The 3.8 kernel is out Posted Feb 21, 2013 14:40 UTC (Thu) by hummassa (subscriber, #307) [Link]
It does not work.
The 3.8 kernel is out Posted Feb 21, 2013 16:01 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]
the url? works fine for me.
The 3.8 kernel is out Posted Feb 21, 2013 17:54 UTC (Thu) by jimparis (subscriber, #38647) [Link]
Well, the bug in line 3 is a clear design error. It should read "*/" and the comment should have ended there. The rest of the block comment was being used to show copyright, ownership, and changelog information, but this information is clearly incorrect (portions were written after 1992), outdated (Linus is not the sole author of that file), and incomplete (the changelog is a joke).
Now that we've gotten the pedantry out of the way, let's move on to trying to understand the point nix was attempting to make, rather than trying to disprove him with oddly specific code references.
The 3.8 kernel is out Posted Feb 21, 2013 20:47 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]
> Well, the bug in line 3 is a clear design error.
saying so doesn't make it so. prove it. getting a fix upstream would be fine. then we can move on to the remaining ones, there's quite a few more lines left in linux (nothing to say of the rest of the code we have out there ;).
> It should read "*/" and the comment should have ended there.
wrong, that line of code would also be buggy, since it's part of 'every single line', so you'd be replacing buggy code with buggy code. reductio ad absurdum, if you believe in his nutty theory, you'd have eliminate all code in existence to properly fix any bug.
>[...]let's move on to trying to understand the point nix was attempting to make[...]
he doesn't have one.
The 3.8 kernel is out Posted Feb 25, 2013 16:38 UTC (Mon) by nix (subscriber, #2304) [Link] he doesn't have one.You are, as usual, wrong.
The 3.8 kernel is out Posted Feb 21, 2013 8:09 UTC (Thu) by dark (subscriber, #8483) [Link] Hmm, let me give a more tangible example. The well-defined set: all the buildings in Helsinki, as enumerated by the post office. The poorly defined subset: all the buildings in the first set that are ugly.Surely the introduction of the second set doesn't change anything about the first set.
The 3.8 kernel is out Posted Feb 21, 2013 12:11 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]
while this is still not quite the subject under discussion (security+bugs), it's at least much closer and i can show you the problem i pointed out originally: if all buildings are ugly (cf. all bugs are security bugs) then just because a building is ugly, it doesn't stop being a building, does it? but then we have a building which is both well defined to be a building and not well defined to be ugly, despite being in one and the same set. that's the logical fail because if these two sets are declared to be equal and one set is well defined (i.e., we can tell what is a software bug, or what is a building) then so must be the other set as well (if we want the original claim of their being equal to stand), in contradiction to what tialaramex claimed. the obvious resolution of the contradiction is to realize and admit that not all bugs are security bugs but for LWN's resident security experts hell would have to freeze over for that to happen ;).
The 3.8 kernel is out Posted Feb 20, 2013 1:03 UTC (Wed) by PaXTeam (subscriber, #24616) [Link]
one more data point: https://lkml.org/lkml/2013/1/31/593 . notice how Linus differentiates between various bug classes. clearly not everything is security related (let alone equally important) according to him, regardless of whatever else he'd said in the past. so try again with this 'all bugs are security bugs' and send him a few of those irrelevant fixes next time, if nothing else, his reaction to that will teach you the difference in no uncertain terms ;).
The 3.8 kernel is out Posted Feb 20, 2013 1:05 UTC (Wed) by bojan (subscriber, #14302) [Link]
> Sure, essentially all bugs are security bugs.
The authors of this WikiPedia page disagree with you:
http://en.wikipedia.org/wiki/Security_bug
You may want to head there and fix that. Now, given that the text of the article is wrong (i.e. a bug), you may also want to alert people that run WikiPedia they have a security problem. :-)
The 3.8 kernel is out Posted Feb 20, 2013 9:34 UTC (Wed) by niner (subscriber, #26151) [Link]
No, an error in an article is not a bug according to: http://en.wikipedia.org/wiki/Computer_bug
So it can't be a security bug either.
The 3.8 kernel is out Posted Feb 21, 2013 0:53 UTC (Thu) by bojan (subscriber, #14302) [Link]
Actually, you were after this page:
http://en.wikipedia.org/wiki/Software_bug
That last thing was said in jest, of course.
The 3.8 kernel is out Posted Feb 21, 2013 7:08 UTC (Thu) by niner (subscriber, #26151) [Link]
I was pondering if I should link to computer bug or software bug. I used computer bug because we only used the term "bug" so far and the computer bug page states that a bug can either be in hardware or in software. Text or documentation are not included so that's all I needed for a nifty argument in a non-serious discussion ;)
The 3.8 kernel is out Posted Mar 2, 2013 4:13 UTC (Sat) by tialaramex (subscriber, #21167) [Link]
That's a pretty awful wikipedia page. Ah well.
I can't make enough sense of their definition to decide if it really does disagree with me though, it just thrashes about with this idea about "beneficiaries" of a bug without really making any headway. The authorised / unauthorised partition that has plagued that article over its history is a classic error of the sort that should encourage caution about the idea of "non security" bugs. If a customer has an account with us to buy vegetables they are doubtless an _authorised_ user of the purchasing system. Nevertheless I do not want them to obtain a list of everybody's financial records so the existence of an SQL injection that works only after logging into the purchasing system is still a security bug.
|
|||||||||||||