flink() at last?
flink() at last?
Posted Aug 8, 2013 10:13 UTC (Thu) by khim (subscriber, #9252)Parent article: flink() at last?
I see kernel developers adopt NASA attitude: We have also found that certification criteria used in flight readiness reviews often develop a gradually decreasing strictness. The argument that the same risk was flown before without failure is often accepted as an argument for the safety of accepting it again. Because of this, obvious weaknesses are accepted again and again—sometimes without a sufficiently serious attempt to remedy them, sometimes without a flight delay because of their continued presence.
We all know what was the end result in NASA's case and I'm afraid results for kernel will be similar.
If some desired-yet-dangerous functionality is available via some backdoor it's not enough justification to enable straightforward use of it! It may be better to close the backdoor…
I wonder what kind of disaster needs to happen before kernel developers accept that fact.
Posted Aug 8, 2013 20:50 UTC (Thu)
by rwmj (subscriber, #5474)
[Link]
But Linux security is all over the place. There are surely many combinations of system calls that allow you to bypass checks and escalate privileges ("backdoors") and this is just one of them. No one has written the clever program to find the others yet, but it's just a matter of time.
Rich.
Hmmm. If there was any kind of rational model behind Linux security — for example a model with a small kernel which could be automatically proved correct — then this would make sense.
flink() at last?