| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: peter at adamantix.org (Peter Busser) Subject: Linux (in)security (Was: Re: Re: No Subject) Hi! > That brings up a good point. If this issue is not exploitable on *BSD > but on Linux due to a different implementation of memory handling, > doesn't that mean that Linux is generally less secure than *BSD just for > that reason? And if so, why haven't the Linux memory handling routines > been fixed/strengthened? Because Linux people in general seem to be more concerned about speed and features than about security. For example, the only reason Linux Security Modules (LSM) have been included in the kernel, is that they don't have a performance impact on users who do not load any security modules. People have objected to some of the proposed LSM networking hooks, because they could impact performance. From a performance point of view, this provides a nice way to have more security without sacrificing performance. From a security point of view, the result is not exactly what you would hope for. Obviously this affects programs that use the LSM interface. Either you limit the security functionality to what the LSM interface provides, or you forget about the LSM interface. People who maintain Linux security patches complain about it. Amon Ott, who wrote RSBAC, ported it to LSM. But he is thinking about reverting to his self-made hooks like he has done so far. The drawbacks of maintaining and applying your own hooks to the kernel more or less outweighs the drawbacks of the LSM interface. And Amon is not the only security patch maintainer to come to this conclusion. I think that is saying something about LSM. In general people seem to believe that Linux is either secure or can be made secure by removing packages and unused services. This believe that Linus is already secure makes people uninterested in security. Why improve something that is already sufficient? Besides that, it is more rewarding to write a new window manager providing more and faster flashy eye candy than to fix potential memory allocation problems that noone ever notices. Well, until it becomes a problem that is. Contrary to common believe, keeping up to date with the latest security patches is not sufficient: http://groups.google.com/groups?selm=20030525190037%2470c6%40gated-at.bofh.it If you think this is purely a Debian related problem, think again. Most software found in a Linux distribution can be found in every other Linux distribution and on *BSD too for that matter. People have argued against the effectiveness of patches like PaX ever since Linus pointed out that they do not provide protection against return to function attacks. This is probably one of the reasons that their adoption in Linux distributions has been next to zero. Stuff like RSBAC, gr-security and LIDS are nice. But one kernel bug and they are useless. Examples like the Linux ptrace() bug and the OpenBSD kernel bug where root could circumvent securelevel are examples. Kernels tend to become bigger and more complex, so the possibility for security related bugs will likely grow. People apparently do not realise that a wooden house is not sufficient to protect against the big bad wolf. And there is currently no brick house to flee to when the wolf comes... Groetjes, Peter Busser -- The Adamantix Project Taking trustworthy software out of the labs, and into the real world http://www.adamantix.org/
Powered by blists - more mailing lists