Coffeehouse Thread

16 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Linus's Security Rant ... He has a point

Back to Forum: Coffeehouse
  • User profile image
    Sabot

    Linus Torvald has passed a few comments about security which are upsetting the security crowd, hmmm I think the line when he compares the OpenBSD crowd to a bunch of "masto*(tugging)*ing monkey" got them all in a tizz.

    Read the full extract here.

    I've always thought that a balance needs to be struck between security and functionality.  The Linux crowd are all abit sensitive about ... well everything ... no wonder it's toys out of pram time. I wish the Linux crowd was abit more mature then prehaps they would get a few more listeners to what is a top-flight OS and the message about Open Source that is cool.

    There is after no such thing as 100% secure and that after all is the secure game in a nuttshell, it's a percentage game. If you are asking for money and/or pesonal details on a website you tighten it up so much that it past squeeking. If it's a intranet site about your bosses favourite tree your aren't going to bother locking it down further than the hardening wizard.

  • User profile image
    Minh

    Sabot said:

    There is after no such thing as 100% secure

    Yeah. "100% secure" has no meaning. I sometimes dream about a "A User's Manifesto" where I can enumerate my rights over my computer. I'll start.

    I) The OS shall inform me when an app tries to do squirrely stuff like install keyboard capture, network proxy, and other driver-level stuff.

    II) Regarding I), UAC doesn't count. LOL!

    III) The OS shall provide to me a way to remove an app completely easily and without uncertainty.

    IV) The Browser should follow I) but ask me twice, just to be safe.

    V) This is 2008, there shouldn't be buffer overflows anymore!

    VI) The OS SHOULD protect me (somehow) from the dancing bunnies.

    anymore?

  • User profile image
    Harlequin

    That thread is a good read so far. That pageexec guy is just pwning Linus.

    Edit:
    Geesh, they're going on about how "Microsoft hides" security problems...and at the same time they're going on about not disclosing them themselves. Am I missing something?

  • User profile image
    Sabot

    Harlequin said:
    That thread is a good read so far. That pageexec guy is just pwning Linus.

    Edit:
    Geesh, they're going on about how "Microsoft hides" security problems...and at the same time they're going on about not disclosing them themselves. Am I missing something?

    The practice of security by obscurity has been long understood as not ideal and to be avoided, however nation-states have been doing such things on a grander scales for centuries successfully. Take the Stealth plane, a recognised contributor to the end of the cold war because it signified the widening weapons gap. Can you really discount something when it works but it's not best practice? 

  • User profile image
    KevinB

    Minh said:
    Sabot said:
    *snip*

    Yeah. "100% secure" has no meaning. I sometimes dream about a "A User's Manifesto" where I can enumerate my rights over my computer. I'll start.

    I) The OS shall inform me when an app tries to do squirrely stuff like install keyboard capture, network proxy, and other driver-level stuff.

    II) Regarding I), UAC doesn't count. LOL!

    III) The OS shall provide to me a way to remove an app completely easily and without uncertainty.

    IV) The Browser should follow I) but ask me twice, just to be safe.

    V) This is 2008, there shouldn't be buffer overflows anymore!

    VI) The OS SHOULD protect me (somehow) from the dancing bunnies.

    anymore?
    Why doesn't UAC count? It prevents you from doing anything that affects the system state. You can destory your user-profile as much as you want, but you are warned if an operation is about to happen that can damage the system. Sure, the UI could be tidied up and a be ALOT more descriptive, but the principle is there.

    Kevin

  • User profile image
    Minh

    KevinB said:
    Minh said:
    *snip*
    Why doesn't UAC count? It prevents you from doing anything that affects the system state. You can destory your user-profile as much as you want, but you are warned if an operation is about to happen that can damage the system. Sure, the UI could be tidied up and a be ALOT more descriptive, but the principle is there.

    Kevin
    KevinB said:

    Why doesn't UAC count?

    It's too broad, and becomes meaning less. I rather see:

    -----
    DancingBunnies.exe is about to start monitoring your keyboard. Do you want to allow?

    [Allow keyboard monitoring]     [Don't Allow]
    -----

    than

    -----
    DancingBunnies.exe needs your permission to continue.

    [Continue]   [Cancel]
    -----

  • User profile image
    stevo_

    Minh said:
    KevinB said:
    *snip*

    It's too broad, and becomes meaning less. I rather see:

    -----
    DancingBunnies.exe is about to start monitoring your keyboard. Do you want to allow?

    [Allow keyboard monitoring]     [Don't Allow]
    -----

    than

    -----
    DancingBunnies.exe needs your permission to continue.

    [Continue]   [Cancel]
    -----
    I'd rather see dancingbunnies.exe get built in a manor that means it doesn't rely on administration scope to function.. but windows doesn't have granular access breakdown, uac just elevates the app to admin - who has admin rights over whatever.. its somewhat of an ideal to ask for that, making that happen in windows would take a lot of transition time.. and you have to think - theres probably something a lot better that could be done, and still complete in a similar transition time... (10 years?)

  • User profile image
    Minh

    stevo_ said:
    Minh said:
    *snip*
    I'd rather see dancingbunnies.exe get built in a manor that means it doesn't rely on administration scope to function.. but windows doesn't have granular access breakdown, uac just elevates the app to admin - who has admin rights over whatever.. its somewhat of an ideal to ask for that, making that happen in windows would take a lot of transition time.. and you have to think - theres probably something a lot better that could be done, and still complete in a similar transition time... (10 years?)
    I'm not sure if it's impossible. To hook into the keyboard chain, you have to call an API, right? Just do something...

  • User profile image
    figuerres

    Minh said:
    KevinB said:
    *snip*

    It's too broad, and becomes meaning less. I rather see:

    -----
    DancingBunnies.exe is about to start monitoring your keyboard. Do you want to allow?

    [Allow keyboard monitoring]     [Don't Allow]
    -----

    than

    -----
    DancingBunnies.exe needs your permission to continue.

    [Continue]   [Cancel]
    -----
    DancingBunnies would not need admin rights if it was a "normal" app.

    the problem is too many apps want admin rights, most of the time they should not need them.

  • User profile image
    KevinB

    Minh said:
    KevinB said:
    *snip*

    It's too broad, and becomes meaning less. I rather see:

    -----
    DancingBunnies.exe is about to start monitoring your keyboard. Do you want to allow?

    [Allow keyboard monitoring]     [Don't Allow]
    -----

    than

    -----
    DancingBunnies.exe needs your permission to continue.

    [Continue]   [Cancel]
    -----
    Imagine the sheer number of UAC prompts if that were the case, people complain as it is. Of course, you could have a 'Do this for all remaining admin required actions' which would be equivalent to today's UAC, but if this was checked by default, where is the security gain for the probably pretty substantial amount of work that this would involve.

    I understand what you mean, I just don't think it would be a quick solution to develop for pretty minimal payoff.

    Kevin

  • User profile image
    brian.​shapiro

    KevinB said:
    Minh said:
    *snip*
    Imagine the sheer number of UAC prompts if that were the case, people complain as it is. Of course, you could have a 'Do this for all remaining admin required actions' which would be equivalent to today's UAC, but if this was checked by default, where is the security gain for the probably pretty substantial amount of work that this would involve.

    I understand what you mean, I just don't think it would be a quick solution to develop for pretty minimal payoff.

    Kevin
    I once read an interview where Linus said "Windows is a great OS that Linux still has to catch up to"

  • User profile image
    Erisan

    brian.shapiro said:
    KevinB said:
    *snip*
    I once read an interview where Linus said "Windows is a great OS that Linux still has to catch up to"
    People have weird ideas of Linux developers. If they read LKML more they would see that there's plenty of developers with different opinions and thoughts about how things should be done. That's the salt of the open discussion.

  • User profile image
    Sabot

    brian.shapiro said:
    KevinB said:
    *snip*
    I once read an interview where Linus said "Windows is a great OS that Linux still has to catch up to"

    With Virtualization coming more to the fore I think the emphasis should turn to software rather than OS. Because we will bundle as mush or as little OS as need to make that software run with our software which is abstracted away for everything else so in-effect will become less import to have an environment running one platform or another. IT Pro skills will turn more towards using tools rather than getting to know OS inside out. But this all presents interesting security challenges as complexity increases between the abstractions will this present more options to exploit vulnerabilities? This is were developers need to understand the impact of what they are writting more than ever and continue to examine their creations to continue to insure they are safe but not placing security into context by using DREAD evaluations to understand the level of risk.

  • User profile image
    Sabot

    Erisan said:
    brian.shapiro said:
    *snip*
    People have weird ideas of Linux developers. If they read LKML more they would see that there's plenty of developers with different opinions and thoughts about how things should be done. That's the salt of the open discussion.
    Life is too serious for Linux developers, they seem to be in the middle of some kind of war.  I'm sure that coding actually pents up latent aggression hence the reason to vent it. It's healthy to have a hobby that gets you away from the computer screen, I think we should hold out a hand to our Linux brothers and sisters and take them out, buy them a few beers and get them laid! :o)  Do I get an Ah men ???

  • User profile image
    Erisan
  • User profile image
    Erisan

    Erisan said:
    Linux 2.6.26 Released 13 July

    Linux 2.6.26
    LinuxChanges 2.6.26

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.