[Hamara-devel] The kernel of argument - an article on linux security, its reach
shirish
shirish at hamaralinux.org
Wed Nov 25 15:00:22 GMT 2015
at bottom :-
On 11/25/2015 08:08 PM, shirish wrote:
> addition at bottom :-
>
> On 11/17/2015 11:22 PM, shirish wrote:
>> Hi all,
>>
>> The one which I'm going to link is really longish so have something hot
>> or cold and take time out as it's going to take quite some time to
>> read it.
>>
>> http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/
>>
>>
>>
>> The great thing about the article is that people who deny or live in
>> denial that GNU/Linux is big has been proved wrong.
>>
>> As far as security on the kernel is concerned, I *think* the author got
>> it right. A big part of the problem is the crazy way the kernel
>> development works.
>>
>> If you think of the kernel as an engine of the car (the analogy is apt
>> as the kernel is as complex as a car/jet or whatever engine you think
>> and does similar work,
>>
>> Debian itself has been doing quite a bit of hardening, see
>>
>> https://wiki.debian.org/Hardening
>>
>> https://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
>>
>> And as can be seen one of the advocates is Kees Cook
>>
>> https://www-s.acm.illinois.edu/conference/2014/speakers/keescook.html
>>
>>
>
> Hi all,
>
> Just saw lwn.net and the opened archives. See
> https://lwn.net/Articles/663213/ . Shares the same point I was trying to
> make.
>
> This is precisely what 'hurd' kernel is all about. at least this aspect.
>
> " We must instead realize that we will never fix them all and focus on
> making bugs harder to exploit. " - lwn.net
>
> Also see https://lwn.net/Articles/538600/
>
> Also this - https://lwn.net/Articles/538764/
>
> "What he doesn't seem to care about is that most of the kernel inclusion
> process is politics." - dpquigl @ lwn.net comment
>
> Also https://forums.grsecurity.net/viewtopic.php?f=7&t=4309
>
> And this is from the meeting which happened in October where Kees Cook
> finally talked about Linux Hardening. Also Ted Tso added to it (author
> of ext family filesystem.)
>
Left out this one by mistake -
https://lwn.net/Articles/663597/
--
Regards,
Shirish Agarwal,
Community Lead,
Hamaralinux.org
More information about the Hamara-devel
mailing list