He may be the saint of the Linux community, but it sounds like Linus Torvalds – with his secret security fixes – could still be a challenge to work with.
Nice post, I went through all of it. It seems Linus still loves working alone. No doubt fixing, patching does not always work… so his approach of writing new code is a good one but it also leads to new bugs! So one has to find a balance between fixing a bug and releasing a patch and sometimes rewriting new code!
The best example we have of patch work in Windoz kernel, or IE engine! Which is patched all the time yet the patches have holes or even sometimes due to patches there are some other holes! So patched system does not work always… also it becomes a headache to maintain the patches and also transforming them to end user!
Anyway… go with any approach… it’s going to help the Linux community, and both have only a nice goal… of fixing a bug.
Like Linus, everyone has their strengths and weaknesses. The more closed your development process is, the fewer strengths you have to cover others’ weaknesses. With Linux, you have more people, and therefore more strengths, covering any weaknesses than just about anything else.
Linus has this bad habit of fixing security holes quietly,
Which is one of the big problems. There goes around a rumour about Linux being so secure, while so many of us know that this is not the case. This is one of those myths that we need to get rid of. No matter if you enjoy the Linux environment, we have to put an end to the false “facts” people use. This is definitely one of them. Linux is not to be declared a “secure” operating system. It’s along the lines of Win 2k3.
Otherwise, interesting article.
Alan Cox says: “Linus is a good developer, but is a terrible engineer,” … “As the maintainer of the development kernel Torvalds needs to make sure the kernel code is easy to maintain, while Cox is more interested in kernel stability and is not so worried about “hacking” the code to get it to work”
I am not a good engineer but I guess that clean code without hacks is a sign of good design. I think that in something as complex as software it is better to be clean and ‘easy to read’ than to be a genius and write a not so obvious algorithm. As I think hacks only get ugly code with time (at least my hacks!!)
No system is secure (unless unplugged from the powergrid). The big advantage that *Nix systems have over Windows, is that the *Nix culture rigorously teaches to separate superuser and normal users. There may be exploits, but it is a tad harder to make use of it on a massive scale.
NB. This is speaking about the mass of end-users using a desktop computer. When touching upon business installations and admins, that is a completely different ballgame.
There is no need to question Linus. He himself admitted that Linux (the kernel) has flaws and that people shouldn’t solely rely on the kernel developers for security. Linus recommended additional safeguards. Sounds pretty decent to me.
I have to agree if you keep hacking something it will only get worse. I have done this on multiple occasions, before you know it you can’t even read the code. Let’s just hope our distros are hacking up the code so it works right.
> There goes around a rumour about Linux being so secure
have you ever played with iptables? grsecurity? pam?
can you give examples of problems you have had?
have you used linux? and if so, which distro?
> we have to put an end to the false “facts” people use
from what i remember, ms is the one with a _huge_ campaign entitled “get the facts”
and isn’t it Ballmer who constantly alludes to free software developers being unknown hackers from china in order to spread fud
i know linux isn’t a solution for everyone, but please post something more than just anger and fud
I’d have to agree with “Anonymous”.
Linux is not secure maybe more secure than windows but it doesn’t exactly have military level security.
(…) to put an end to the false “facts” people use
Like these http://www.microsoft.com/windowsserversystem/facts/default.mspx ?
No system is secure (unless unplugged from the powergrid). The big advantage that *Nix systems have over Windows, is that the *Nix culture rigorously teaches to separate superuser and normal users. There may be exploits, but it is a tad harder to make use of it on a massive scale.
NB. This is speaking about the mass of end-users using a desktop computer. When touching upon business installations and admins, that is a completely different ballgame.
You don’t know what security is. You’re talking about desktop machines, which are mostly one- or two, maybe three-user machines. That’s where separation of super- and regular users does not matter much:
When I’m browsing the web and catch up some virus which removes all files it can, it removes all MY data. I don’t care whether it can’t touch things like /usr, because that’s what I can reinstall. The important stuff is exactly what the virus (running as user $ME) can access.
>> There goes around a rumour about Linux being so secure
> have you ever played with iptables? grsecurity? pam?
> can you give examples of problems you have had?
> have you used linux? and if so, which distro?
i’m not really sure … but perhaps he is right. I mean windows 2k3 has also an administrator, and user. And if you can gain a stack based overflow, then someone can take control of your system – either if it is linux or windows.
Stack overflow Buffer Protection (like under solaris) would be a good thing. I heard that there are some implementations for that under linux, but they don’t work well.
But, of course, for average user, using windowsXP/2000/98, reading email with outlook, and downloading warez via emule, windows is insecure.
Linux can be rooted, we all know that. There are fixes everyday for security holes in various apps and in the kernel. ALL OSs have these problems. It’s just usually more difficult to hack into linux.
This article sounds like it could be a nice marketing piece for MS. They don’t come across as having their act together IMO.
Linux is not to be declared a “secure” operating system.
D’oh. Who to believe: the opinion of an anonymous, uninformed anti-Linux troll or the Common Criteria Testing Laboratory?
It (SuSE SLES) was just declared a “secure” operating system – at the EAL4 level – same as Trusted Solaris.
http://www.heise.de/english/newsticker/news/56451
I kind of understand where Linus would be coming from. I started as a Sys Admin. As many know in the Linux/Unix world the line between Admin and Programmer is easily blurred. A 1 liner turns into a function that turns into a class…most times the deadline doesn’t give enough time to clean up code so I remain happy with “it ain’t pretty but it works” scenario.
Anyone know what I’m talking about~
-N
D’oh. Who to believe: the opinion of an anonymous, uninformed anti-Linux troll or the Common Criteria Testing Laboratory?
It (SuSE SLES) was just declared a “secure” operating system – at the EAL4 level – same as Trusted Solaris.
http://www.heise.de/english/newsticker/news/56451
Wow, that’s a smart move. Did you bother to look up on EAL 4 ???
Let me bring in Slashdork article here
http://linux.slashdot.org/article.pl?sid=05/02/20/1820218&from=rss
Let me quote
“This puts SLES9 in the same league as Windows 2000 for sales in the government sector and is the first Linux distro to achieve an EAL4 certification.”
So your personal attacks weren’t worth much now then, aye? I guess now that you even chose to use EAL 4, you could say W2k is more secure than Debian or SE Linux… LoL, and 2k3 is likely to be more safe than 2k as far as I know (at least in known vulnerabilities). So what was your point again?
If two OSs have achieved the same security certification, they can be said to be comparably secure, at least for the criteria tested.
From the /. article you linked, you can easily find that no OS has higher than EAL4 certification. You cannot just assume Win2003 is better, there is no comparison that can be drawn in this context. I guess it makes sense to choose Win2k after all then?
When I’m browsing the web and catch up some virus which removes all files it can, it removes all MY data. I don’t care whether it can’t touch things like /usr, because that’s what I can reinstall. The important stuff is exactly what the virus (running as user $ME) can access.
And that’s why you’re supposed to backup all your data as the root user, right? To keep your data safe and secure where the virus cannot touch it.
From the /. article you linked, you can easily find that no OS has higher than EAL4 certification. You cannot just assume Win2003 is better, there is no comparison that can be drawn in this context. I guess it makes sense to choose Win2k after all then?
I claimed 2k3 to be better based on known vulnerabilities. So I motivated it. I also noticed that SE Linux obviously is less secure based on EAL4 certification.
The whole point of the entire post was actually just to show that the Linux propaganda is just a question of sending a mass message rather than a quality message, just like M$. It’s like Linux zealots and Microsoft are more alike than any other OS fangroups that I know of (that include a bunch of them). The original claim was that Linux is just not as secure as people claim it to be, and this EAL 4 SLES dude simply wanted to hype Linux being clueless that Windows actually also had the same certification. It’s embarrassing really…
>Again it’s your opinion, not “fact” that Unix is more secure by design.
When an exploit in a browser on one system gives you direct access to all system binaries while the same is not possible on the other system, which design is more secure?
And that’s why you’re supposed to backup all your data as the root user, right? To keep your data safe and secure where the virus cannot touch it.
I wasn’t sure if you are serious about that. I have been using Linux for over 5 years now and like most people I know rarely backup anything which hey I know I really need to start. When I read your post though I wasn’t sure if you were being serious or not. Is that a good idea to backup user data to directories w/ root only permissions. Such as example) /data/backup/ and chmod 700, chown root, chgrp root?
“Linux is not secure maybe more secure than windows but it doesn’t exactly have military level security.”
We do have military grade security in linux. It is called SElinux, and it is written by the NSA. So tell me, who writes the security code for windows?
~Alan Moser
“I claimed 2k3 to be better based on known vulnerabilities. So I motivated it. I also noticed that SE Linux obviously is less secure based on EAL4 certification.”
total crap. in what way is SELinux less secure.
“You don’t know what security is. You’re talking about desktop machines, which are mostly one- or two, maybe three-user machines. That’s where separation of super- and regular users does not matter much:
When I’m browsing the web and catch up some virus which removes all files it can, it removes all MY data. I don’t care whether it can’t touch things like /usr, because that’s what I can reinstall. The important stuff is exactly what the virus (running as user $ME) can access.”
dear lord. i guess this kind of attitude is why there are so many owned windows boxes filling my inbox with spam every day.
so so so… hey we are the good guys 😉 linus & alan yes! i think the security fixes appear every moment, but our community is growing more and more and security stuff is more powerful.
Like devon says:
everyone has their strengths and weaknesses. The more closed your development process is, the fewer strengths you have to cover others’ weaknesses. With Linux, you have more people, and therefore more strengths, covering any weaknesses than just about anything else.
😉
All,
Latest Linux kernel 2.6.11 released today.
Change log is massive (though according to the comments, some patches are untested?)
Lots and lots of changes for Realtek 8169 ethernet controller, i8042 keyboard controllers, some AMD 64 and laptop fixes, plenty of PSMouse patches and patches for mice with 2x mouse wheels (what the hell mouse has that?)
Chickit out
Alan Cox used to work as a sys admin for NTL in the U.K. before he was “famous”; so I suppose it boils down to a matter of taste.
plenty of PSMouse patches and patches for mice with 2x mouse wheels (what the hell mouse has that?)
Yeah, I thought the same thing when I saw a mouse like that in a store. Was like WTF? Apparently one scroll wheel is used for vertical scrolling, while the other is for horizontal.
Talk about ‘useless’.
please stop quoting mi2g, what little credibility they have was completely shot to pieces by various tech sites after they published that ‘report’.
[By TusharG (IP: 203.124.159.—)]
> The best example we have of patch work in Windoz kernel, or
> IE engine! Which is patched all the time yet the patches
> have holes or even sometimes due to patches there are some
> other holes! So patched system does not work always… also
> it becomes a headache to maintain the patches and also
> transforming them to end user!
Can you give examples of patch-work in the Windows kernel and IE? I’m VERY interested in what they did wrong and how to do it better, but the only way I could think of would be to look at the leaked source code and I probably missed my chance to get hold of it. (and whether that would be wise is another question, but it’s not the point here).
[By da truth (IP: —.client.comcast.net)]
> 1) “myths”?
> there are no myths. *nix OS’s provide greater security by
> design. Windows cannot even touch this due to its poor
> design.
Again, can you give examples? I pulled some documents from the net about the NT interior (namely HAL, kernel and executive) and the design looked very clear to me, something like the middle between microkernel and macrokernel, with (almost) the best of both worlds.
Military-grade security generally means no security. The reason is that almost none of them have been designed with security as an issue. They were built back before there was an Internet, and effective intranet security would have been a more complex project than the apps themselves. Most military systems have no Internet access even today, so the impact of this is limited.
Where it exists, such as in radio rooms, military security is excellent. Instead of focusing primarily on equipment or software, it focuses on physical protection and on controlling the people that do have access to the data.
I run as a limited user in XP. The OS pops up a bubble about unused icons on the desktop, and offers to clean them up. I agree. Then there is an error message saying that it cannot create a file or something. WTF? I guess you can’t retrospectively implement a security model.
The problems with drivers are less directly an MS problem. I log off, and here is my HP laserjet, giving me dialog about not being able to shut down.
In neither irritating case is there documentation to support un-baking the situation.
Yep, Windows is nearly approaching Gentoo in terms of difficulty for Joe User to administer, at significantly higher cost. I’d dearly _love_ to Get teh Facts on how to make Windows smooth.
“there are no myths. *nix OS’s provide greater security by design. Windows cannot even touch this due to its poor design.”
Um, no. Sorry you’re patently wrong there. Find me one single Linux distribution that has obtained Orange Book C2 security certification and you’ll be on even-par with Windows NT.
Since you can’t find a distro that matches the security, your argument is flawed.
“Linus is a good developer, but is a terrible engineer,” … “As the maintainer of the development kernel Torvalds needs to make sure the kernel code is easy to maintain, while Cox is more interested in kernel stability and is not so worried about “hacking” the code to get it to work”.
Shouldn’t it be the other way round? In this case, I’d say Linux is the better engineer.
When I’m browsing the web and catch up some virus which removes all files it can, it removes all MY data. I don’t care whether it can’t touch things like /usr, because that’s what I can reinstall. The important stuff is exactly what the virus (running as user $ME) can access.
Except of course that the virus won’t be executable unless you specifically make it so (unlike Windows, where the correct file extension can make a file executable). So unless you go around specifying the executable for files you find on the internet, you’ll be safer than under Windows.
Also, consider that most viruses these days don’t really care about your files. They want to compromise your system so they can use your desktop computer as a spam relay, a warez repository or a DDoS attack bot.
To do these things you usually need to be the superuser, which is exactly why it’s crucial to separate user privileges, even if you’re the only user on your PC.
Before telling others that they don’t know what security is, you should find out a little bit more about it yourself…
“Fact into doubt wont go”
C2 level security implies a certain level of auditing.
Under Linux this can only be provided by using a combination of GRSEC plus perhaps one of the newer auditing modules.
Also, SELINUX implements mandatory access control, so the end result of the project could quite easily be at least B2/EAL5 – mandatory protection.
Whoever argues that Windows is more secure than *NIX, is missing two important facts:
* No modularization
* Internet Explorer can’t be removed
“Um, no. Sorry you’re patently wrong there. Find me one single Linux distribution that has obtained Orange Book C2 security certification and you’ll be on even-par with Windows NT.”
first understand the c2 certification assured quality which is determined through documented interfaces in a controlled environment is not a means to obtain better security at all.
second, the certifications mean precious little in real world except for those silly bureaucratic organisations
three its too costly except for people with too much money like MS.
if you are going to argue that certifications mean more security the world is gonna laugh at you so save yourself the embarrassment and move on
I think you missed the point that no amount of engineering can correct problems with the people-ware:
–admins can make mistakes, or be made to appear mistaken by real-world events
–insiders are still your weakest link.
Neither of which is grounds for blowing off security, mind you.
I snipped this out of the Common Criteria Report for SuSe Linux when it was evaluated at EAL3+ since the EAL4+ report is not available “The TOE includes standard network applications such as ftp and ssh. xinetd is used to protect network applications which might otherwise have security exposures”. Reading the reports for the various operating systems and how they were tested to say the least was enlightening.
I am not supporting that SuSe, or any other Linux distro is less or more secure than Windows. But to effectively understand how the OS got its rating you have to read the documentation. And keep in mind the rating is based on the OS on that particular hardware in that configuration. Anything else either enhances or breaks the configuration.
One example I like to use of how “secure” an operating system is based on a security evaluation is this:
http://eros.cs.jhu.edu/~shap/NT-EAL4.html
Actual security is based on a number of things, not just an evaluation report. What your environment will tolerate in terms of security is based on your configuration and security policy.
Also C2 is dead:
http://niap.nist.gov/cc-scheme/nstissam_compusec_1-99.pdf
> Except of course that the virus won’t be executable unless
> you specifically make it so (unlike Windows, where the
> correct file extension can make a file executable). So
> unless you go around specifying the executable for files
> you find on the internet, you’ll be safer than under
> Windows.
I think this argument is flawed because even if the file is executable, it must still be *executed*, no matter if you are using Windows or Linux. It is not executed automatically. But then, the same code that finally executes it can also set execute permissions.
Remember also that a downloaded virus is, by itself, dead. It cannot do something on either system if not brought to life by malicious or broken code that is already on the system (typical case: a buffer overflow bug in the WWW browser). But then, to exploit a buffer overflow, the virus code needs no explicit execute permissions – it “leeches” them from the program it exploits.
Summary: The _OS_ does, as far as I can see, nothing to protect the _user’s_ files from viruses, worms or trojans, whether on Windows or on Linux. In all of today’s systems, the user’s files are more in danger of broken applications than of broken OSes, and today’s OSes are designed in a way that they cannot do anything about it.
correction: I should have said “Desktop OSes”, dunno about others
“I wasn’t sure if you are serious about that. I have been using Linux for over 5 years now and like most people I know rarely backup anything which hey I know I really need to start.”
You do really need to back up now. All hard drives fail sooner or later – viruses are not the only threat. Also, thieves steal computers.
I am an Amiga user (mainly) and haven’t seen a virus since about 1992, but I still back up regularly. A hard drive failed last month.
Multiply your hourly rate by the hours you have spent creating the data on your drives to find its value.
That people are so convinced Windows is secure. Now all you’ve got to do is make the average user’s machine secure so that every single virus doesn’t knock down thousands of machines at a time and that their machines don’t get zombied in 18 minutes, then you’ll have something to be proud of. Until then, your arguments mean nothing. Tell’em to keep patching, but they wouldn’t have to if the OS was as secure as I keep hearing it is. C2 certification? Tell it to the guy who’s got to download a 75mb SP2 over dial up. After all, we’re talking closed source here which we KNOW is more secure than open source, right? Right?
Linus is more of the engineer type with some discipline, while Cox is very much a kernel hacker, as he doesn’t seem to care about anything more than the immediate “make it work” goal, as opposed to ensuring that future changes won’t be slowed down by ugly code that’s unmaintainable, therefore leading to more bugs that need to be fixed. Chances are that development speed would improve overall if Cox wasn’t hacking at things to make it work, as there’d be less time wasted trying to figure out what something hacked in previously is doing and is supposed to be doing, and then adding something onto that.
What’s unique about downloading patches? You do that for Linux as well… but in case you haven’t noticed, MS DO offer you to get CDs with servicepacks. Did you know that? not only that, but many universities and such offer free FTP downloads locally to servicepacks…. do they offer updates (Not entire distros) on Linux as well. how many mirrors with updates do Suse have with Patchset of CDs????? Ahh, not many aye?
So what is Joe User gonna do who thinks it’s expensive to be connected too often and too much and prefers a CD for patching???
from a social engineering aspect there’s a massive difference. windows hides file extensions by default, so what happens is mr. virus writer starts sending emails with photo.jpg.exe as an attachment. it would take a moron of epic proportions to do chmod u+x photo.jpg before viewing. of course, they “fixed” this in sp2, by adding a confirmation dialogue when you launch an executable. the only reason this is at all necessary is because of the profoundly stupid decision to store metadata like file type in the file name.
I think this argument is flawed because even if the file is executable, it must still be *executed*, no matter if you are using Windows or Linux.
True, however this can be achieved through human engineering (by having the user double-click on an attachment for example). Of course, you can use the same type of human engineering to get someone to change permissions, however by multiplying the steps you are in effect increasing.
Remember also that a downloaded virus is, by itself, dead. It cannot do something on either system if not brought to life by malicious or broken code that is already on the system (typical case: a buffer overflow bug in the WWW browser).
Well, that’s not entirely true. Boot sector viruses, though rare these days, did not require active participation from the user.
The biggest threat of course is Trojans. There’s one on Symantec Security Response which is a bit scary, because it will terminate running a whole lot of security apps as soon as it is executed:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.toos…
It seems here (unless I’m mistaken) that security software should not be killable by non-privileged user processes…
In all of today’s systems, the user’s files are more in danger of broken applications than of broken OSes
I tend to agree with you, though I still believe that Linux is marginally more secure than Windows. That doesn’t really mean anything, however, as both systems can be made quite secure.
it would take a moron of epic proportions to do chmod u+x photo.jpg before viewing.
Never underestimate the stupidity of users. Maybe the cup holder CD drive is an urban myth, but I guarantee there are people out there doing very weird things to their machines even as we speak.
>Again it’s your opinion, not “fact” that Unix is more secure by design.
When an exploit in a browser on one system gives you direct access to all system binaries while the same is not possible on the other system, which design is more secure?
Myth. Mistaken opinion. Not fact. The combination of System Restore and file system permissions will protect almost all system binaries.
It’s yet another “fact” that the Linux zealots here and on Slashdot hope will stick if it’s repeated often enough.
Morin posted:
> Summary: The _OS_ does, as far as I can see, nothing to
> protect the _user’s_ files from viruses, worms or trojans,
> whether on Windows or on Linux. […]
Well, both Linux and NT provide some user/group primitives usable to separate the actual user files from the account under which an application runs.
Basically i use /etc/suauth to have Firefox run under the mozilla account that way. With MS-Windows one could use “runas” (or code up some trivial wrapper) i suppose.
The mozilla “user” does need some form of access to i/o devices for it to work of course, and in that respect (at least with the X Window System – over Unix domain sockets) this won’t protect against things like: remotely dumping a window or worse: spam-relaying by app plugins, for instance…
However, unless another kernel exploit exists, files only manipulatable by user “menno” (and root) should be fairly safe this way.
As for trojans: doesn’t _every_ OS distro provide GPG sigs (checked by auto-update tools) nowadays?
As for trojans: doesn’t _every_ OS distro provide GPG sigs (checked by auto-update tools) nowadays?
Sure, though one has to consider the problem of warez. It’s relatively easy to release infected warez out there, which definitely won’t be signed.
Of course, warez isn’t that common in Linux, so it’s pretty safe on that front.
I agree with the social engineering point. My favorite is still the attachment named “www.microsoft.com” (.com means executable too under windows, like .exe but with less meta information). And yes, encoding meta-information in the file *name* is damn stupid, not only from a security standpoint!
[By A nun, he moos (IP: 67.71.241.—)]
> Well, that’s not entirely true. Boot sector viruses, though
> rare these days, did not require active participation from
> the user.
Yes, they did. That’s exactly what I mean – without active participation from the user, a BS virus could not install itself into the BS. The virus code is dead by itself, because it is treated as (passive) data, not (active) code.