
Linus Torvalds Talks Linux Security at LinuxCon - kercker
http://www.eweek.com/enterprise-apps/linus-torvalds-talks-linux-security-at-linuxcon.html
======
riskable
Why do I keep seeing Heartbleed and Shellshock mentioned in articles
specifically about Linux security? Those two vulnerabilities had nothing to do
with Linux.

Software using OpenSSL or bash on _any_ platform was vulnerable. That
includes Macs and Windows.

Linux is extremely popular for servers and embedded systems where OpenSSL and
bash are common but bringing them up every time "security + Linux" are
discussed is a bit like talking about tires that blow out whenever the topic
of logistics comes up.

~~~
UnoriginalGuy
So by that logic, it is unfair to criticise Flash and/or Java as Windows
security issues?

It seems like Linux people want to shift the definition of "Linux" between
only the kernel and the entire OS when it is convenient. In this case we're
shifting down the definition to "kernel only" so we can avoid talking about
Linux (the OS's) potential security issues.

Heartbleed and Shellshock are Linux (OS) issues. Just because that same
software may ship on BSD and OS X is entirely irrelevant. Linux was still by
far the largest target (just like Windows is the largest target of cross-
platform Java vulnerabilities).

Linux as a kernel is pretty freaking secure. Linux as an OS has a lot of
issues, and many (most?) popular distributions are a large part of why (e.g.
SELinux is often disabled by default and a lot of packages are incompatible, a
lot of services run as root by default, a lot of packages are installed by
default (not the minimum), etc).

~~~
mhurron
> So by that logic, it is unfair to criticise Flash and/or Java as Windows
> security issues?

Uh, yes. They are not Windows security issues.

> Heartbleed and Shellshock are Linux (OS) issues.

No they were not. Run OpenSSL on Windows and you were just as vulnerable to
Heartbleed, same as if you ran bash as a CGI service on Windows, or OSX or BSD
or VMS or ...

> shift the definition of "Linux" between only the kernel and the entire OS
> when it is convenient.

No they don't, Linux the OS makes sense in some circumstances, not in others,
this is one of those times where it doesn't since we're talking specifically
about Linus' work.

------
mrweasel
> Most of the security issues we've had in the kernel have been just completely
> stupid bugs...

Wouldn't that be an argument to be more stringent in reviewing and auditing
the kernel code? I don't know to what extent they already do audits, but if
you find a bug of a certain type, maybe consider combing the tree for other
instances of that type of bug. I believe that's the approach OpenBSD has
taken.

~~~
aidenn0
My very first mentor responded to me calling something "just a stupid bug" by
saying "Almost all bugs are stupid." His point was that even the most talented
programmers will make stupid mistakes and stupid bugs are capable of passing
through large levels of code review.

Things like inverting the logic in one case of a complex conditional, or copy
paste bugs like:

    
    
    z1 = x1 + y1;
    z2 = x2 + y2;
    z3 = x3 + y1;
    

Are very hard to see. We have lint tools to catch a lot of them (e.g. a single
'=' in a conditional), but at some point the tool lacks sufficient semantic
understanding to catch everything.

~~~
neppo
That's a very common error and is called the last line effect:
[http://www.viva64.com/en/b/0260/#ID0E5HAE](http://www.viva64.com/en/b/0260/#ID0E5HAE)

------
Gravityloss
(by the way the article is dated August 2015)

I love the tone here. Not promising the moon.

Everybody knows there will be bugs. In general it's just that dance that you
have to do around that, that you can't admit it.

Same about planning ten years to the future. Maybe you could give scenarios.

I guess he's expecting quite a lot from the audience.

------
fulafel
I propose a corollary to the "bugs are shallow" quote: "Given enough code
output, all programmers are stupid"

------
teamhappy
Here's the video:
[https://www.youtube.com/watch?v=5xKXHavHJ7U](https://www.youtube.com/watch?v=5xKXHavHJ7U)

------
ak217
Related to the recent interview notes by Brad Spender:
[https://grsecurity.net/~spender/interview_notes.txt](https://grsecurity.net/~spender/interview_notes.txt)

IMO it's scary to hear Linus say that "security is just stupid bugs" and that
he doesn't think about containers much (container/namespace security and
functionality is a big and quickly emerging part of the kernel security
landscape). Call it a lack of vision or whatever, but I think he should be
doing more to architect for security and to recruit, place and reward talented
people into security lead positions in the kernel community.

~~~
akiselev
Which implementation of containers are a "quickly emerging part of the kernel
security landscape"? I'm seriously asking because cgroups and jails have been
around for a very long time and, unlike LXC so far (for all intents and
purposes, given that Docker is the most popular implementation), actually
provide real security instead of dependency and devops management poorly
disguised as security.

Maybe times have changed in the last year since I've used LXC containers, but
when I explored them they were about as secure in practice as a paper bag is
waterproof.

~~~
jitl
Windows is doing a lot of work using their hypervisor to secure parts of the
kernel -- This talk from Blackhat 2015 has some really cool details:
[http://www.alex-ionescu.com/blackhat2015.pdf](http://www.alex-ionescu.com/blackhat2015.pdf)

