Free Republic

Linus Torvalds: Perfect Security in Open Source Linux OS Is Impossible
The VAR Guy | 9 November 2015 | Christopher Tozzi

Posted on 11/11/2015 4:35:38 AM PST by ShadowAce

Does Linus Torvalds fail to take security in the Linux kernel seriously, and is the world doomed because of it? That's what the Washington Post suggests in a recent article about security in the open source OS.

The Post sums up Torvalds's take on security as follows: "Security of any system can never be perfect. So it always must be weighed against other priorities -- such as speed, flexibility and ease of use -- in a series of inherently nuanced trade-offs."

The Post also describes Torvalds as "the man who holds the future of the Internet in his hands."

Taken together, the two points suggest that Torvalds is not serious enough about security in Linux, and that his lackadaisical approach endangers everyone who uses the Internet.

Both claims are problematic. First, it's a pretty big -- if flattering -- stretch to say that Torvalds holds the Internet in his hands. The Linux kernel is an important part of the Internet because it powers many servers and networking devices, but there is much, much more to the Internet than Linux. The developers of the Apache HTTP server, PHP or MySQL, among other software platforms that play central roles in the Internet, are just as significant as the man behind the Linux kernel.

More important, there is arguably much to be said for Torvalds's attitude toward security. Torvalds recognizes and is willing to admit that a completely secure system can simply never exist, since it's impossible to be certain that no security vulnerability exists in any layer of a software stack.

That makes his message different, and less comforting, than that of developers who promise to deliver hacker-proof platforms. But those are false promises. It's much healthier to admit that limitations exist than to cling to a fantasy where there are never security vulnerabilities.

Of course, if CTOs of major companies frankly admitted to the public that their software systems almost definitely have security flaws, and always will, their businesses would suffer. Torvalds can get away with more candor when it comes to Linux security. He doesn't have a job to keep or a company's image to promote.

All the same, it's disappointing to see a platform like the Post -- which has many non-technical readers who may think making software secure is just a matter of investing enough money in security -- defame the Linux kernel for security issues.

After all, Linux has powered millions of servers for more than two decades without being the source of security breaches that have resulted in the theft of millions of people's personal information. Increasingly few developers of other platforms can say the same in an era of recurring disclosures about massive security breaches of the software systems at businesses and government agencies.


TOPICS: Computers/Internet
KEYWORDS: linux; security

1 posted on 11/11/2015 4:35:38 AM PST by ShadowAce

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Ernest_at_the_Beach; ...

2 posted on 11/11/2015 4:35:55 AM PST by ShadowAce (Linux - The Ultimate Windows Service Pack)

To: ShadowAce

The only truly “secure” computer system is one that, once activated, no one can use or access; it is a device of very specific and limited utility.

An example of such a system is the completely autonomous computer system controlling the Soviet Doomsday Bomb in Stanley Kubrick’s hilarious Cold War comedy “Dr. Strangelove.”


3 posted on 11/11/2015 5:23:15 AM PST by Captain Rhino (Determined effort today forges tomorrow)

To: Captain Rhino

You’re assuming the autonomy code would be flawless.


4 posted on 11/11/2015 6:08:34 AM PST by ShadowAce (Linux - The Ultimate Windows Service Pack)

To: ShadowAce

I wonder if this attack on Linus is related to efforts reported previously by feminists to take him down.


5 posted on 11/11/2015 7:42:15 AM PST by zeugma (Teach your child a love for motorcycles, and he'll never have money for drugs.)

To: zeugma

I think it's just part of attacks on anyone who holds authority with whom they may disagree on anything.

It's the whole "You didn't build that" mentality.

6 posted on 11/11/2015 7:50:43 AM PST by ShadowAce (Linux - The Ultimate Windows Service Pack)

To: ShadowAce

Of course.

But, since it would be inaccessible once operational, that would serve as a powerful incentive for its developers to ensure the system’s hardware and software was properly and thoroughly validated and verified (V&V) during developmental and operational testing prior to placing it into service. In fact, the need to be absolutely certain would probably prolong the R&D phase because, once you throw the switch, turn the command key, hit the “Enter” key, etc., no “do overs” are possible.

But, nonsense aside, my underlying point is agreement with the claim it is impossible to attain a perfectly secure system because: 1) it was built to be used and such use - especially widespread and continuous use - immediately exposes it to a larger and very difficult to assess and control risk spectrum, and 2) the users, human beings, are simultaneously so smart, stupid, industrious, lazy, cunning, indifferent, malicious, and indolent that they constitute the principal on-going risk to the system’s security so long as they are allowed to access/use it.

This, I believe, is the reason for the suspicious nature and haunted look seen on the faces of many system administrators; the knowledge that, fundamentally, the only time the system is really secure and operating properly is when no one is allowed to use it.

(Excepting, of course, the recent theft by hackers of what? ...28 million...security clearance files from OPM. System administrators own that one lock, stock, and barrel.)


7 posted on 11/11/2015 2:49:43 PM PST by Captain Rhino (Determined effort today forges tomorrow)
