[Hamara-devel] The kernel of argument - an article on linux security, its reach
shirish
shirish at hamaralinux.org
Wed Nov 25 14:38:02 GMT 2015
Addition at bottom:
On 11/17/2015 11:22 PM, shirish wrote:
> Hi all,
>
> The one which I'm going to link is really longish so have something hot
> or cold and take time out as it's going to take quite some time to read it.
>
> http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/
>
>
> The great thing about the article is that people who deny or live in
> denial that GNU/Linux is big have been proved wrong.
>
> As far as security on the kernel is concerned, I *think* the author got
> it right. A big part of the problem is the crazy way the kernel
> development works.
>
> If you think of the kernel as an engine of the car (the analogy is apt
> as the kernel is as complex as a car/jet or whatever engine you think
> and does similar work,
>
> Debian itself has been doing quite a bit of hardening, see
>
> https://wiki.debian.org/Hardening
>
> https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
>
> And as can be seen one of the advocates is Kees Cook
>
> https://www-s.acm.illinois.edu/conference/2014/speakers/keescook.html
>
>
Hi all,
Just saw lwn.net and the opened archives. See
https://lwn.net/Articles/663213/ . Shares the same point I was trying to
make.
This is precisely what the 'hurd' kernel is all about, at least this aspect.
"We must instead realize that we will never fix them all and focus on
making bugs harder to exploit." - lwn.net
Also see https://lwn.net/Articles/538600/
Also this - https://lwn.net/Articles/538764/
"What he doesn't seem to care about is that most of the kernel inclusion
process is politics." - dpquigl @ lwn.net comment
Also https://forums.grsecurity.net/viewtopic.php?f=7&t=4309
And this is from the meeting which happened in October where Kees Cook
finally talked about Linux Hardening. Also Ted Ts'o added to it (author
of the ext family of filesystems).
--
Regards,
Shirish Agarwal,
Community Lead,
Hamaralinux.org