All the latest UK technology news, reviews and analysis
|
|
|
02 Oct 2007
Linus Torvalds has launched a blistering attack on security programmers who object to adding the Smack application to the upcoming 2.6.24 Linux kernel.
In an often heated exchange, Torvalds accused security programmers of being too concerned with theoretical problems and not enough with practical applications.
Smack uses Linux Security Modules (LSM) which some researchers believe could be used to aid attacks on systems using the code. The researchers would prefer to see Security-Enhanced Linux as the option of choice.
"If LSM remains, security will never be a first class citizen of the kernel, " said Linux developer James Morris.
"Application developers will see multiple security schemes, and either burn themselves trying to support them, or more likely ignore them.
"On a broader scale, we will miss the potential of Linux having a coherent, semantically strong security architecture."
But this set Torvalds off on a rant about the impossibility of satisfying the demands of security researchers.
"You security people are insane. I am tired of this 'only my version is correct' crap," he wrote.
"The whole and only point of LSM was to get away from that. And anybody who claims that there is 'consensus' on Security-Enhanced Linux is just in denial."
Torvalds got so riled that he started posting some comments in block capitals, which in discussion terms represents shouting.
"If you guys had been able to argue on hard data and be in agreement, LSM would not have been needed in the first place. BUT THAT WAS NOT THE CASE," he wrote.
"And perhaps more importantly: BUT THAT IS *STILL* NOT THE CASE. Sorry for the shouting, but I am serious about this."
Torvalds concluded by stating that LSM will stay in the kernel and that this is his final decision.
He added that he might change his mind if security people made decent arguments, but that this was as likely as "hell freezing over or pigs nesting in trees".
Latest stories from Open Source
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Field/Site Engineering Manager/Leader Brief: Polar...
Product Manager, Open Repository (ref:BMC/PMR) End...
Java/J2EE Software Developer/Programmer - Dotcom/ eCommerce...
Field/Site Engineering Manager/Leader Brief: Polar...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
HURD
Hurd may indeed prove to be worth while. After all, the developers have had years to learn from Linus and Linux. If you don't like the way Linux controls his creation, go write your own OS and by all means retain control of its evolution. That would be entirely reasonable.
Posted by: Ken Holmes 09 Oct 2007
Hurd
Hurd is valuable? I thought it was a kind of joke thought up by GNU programmers like an engineering department working on a perpetual motion machine. It sounds cool and would completely beat all other OSes if it worked but its also completely infeasible, its been in development for 10 years with nothing of interest to show other than a basic UNIX clone OS that's slow and doesn't support real world hardware (Maybe you could run it under a lightweight OS in a virtual environment). Every time there is supposed to be a new development, such as switching to a new kernel it never gets anywhere. Its like philosophers contemplating the existence of god.
Posted by: EbilPhish 08 Oct 2007
Torvalds is right
yah he is doing right, good luck Mr. Torvalds, you r going way goood. Eliena
Posted by: Eliena Andrews 08 Oct 2007
Solaris
Want security and UNIX, use Solaris.
Posted by: Abe 08 Oct 2007
Dear Dara
You wrote: Bad Strategy It seems that Torvalds' strategy of p*ssing developers off is on the increase. Without a good lesson in diplomacy and ettiquete, soon the Linux Kernel will have no developers. But please do go on as mentioned, many of us would like to see these valuable developers working on a really worthwhile project (such as the Hurd) instead of wasting there time making your name sound more and more important. One day, just like Agustus Gloop, your bubble will burst Torvalds. May it be soon, because we're waiting for it! ;-) Posted by: Dara Zetun, 05 Oct 2007 Firstly, did Linux insult developers or did he respond firmly to security wonks that talk but add nothing to Linux. Secondly, it appears you are sufficiently anti-Linux that it doesn't matter what he chooses to say or do.
Posted by: Ken Holmes 08 Oct 2007
Ooops....
Why is this happening anyway? Well, see, it's the security people's job to be paranoid and it's a programmer (or a debugger at least) to point out some errors of some sort, why can't they just work around and test instead of going on a p*ssing contest? Linus, you're the Man, but at least try to be nice (You have your point anyway! Let them prove themselves worthy, and throw ourselves some beer, shall we?)
Posted by: Ken M. Pernada 07 Oct 2007
Bad Strategy
It seems that Torvalds' strategy of p*ssing developers off is on the increase. Without a good lesson in diplomacy and ettiquete, soon the Linux Kernel will have no developers. But please do go on as mentioned, many of us would like to see these valuable developers working on a really worthwhile project (such as the Hurd) instead of wasting there time making your name sound more and more important. One day, just like Agustus Gloop, your bubble will burst Torvalds. May it be soon, because we're waiting for it! ;-)
Posted by: Dara Zetun 05 Oct 2007
Hey Linus Come quick there are Pigs nesting in the tree outside my window
My comment on Mr.Tourvalds comment on security people being insane is take a good long look at a product made by a guy named Gates and his band of 40+ thieves. Last thing that users want is an OS that is as secure as dare i say it Windows. We all know that security on Windows is a total joke. Ultimately it's up to you Mr.Tourvalds. Just keep in mind this. Ever since 1995 paranoid security guys have been telling Mr.Gates and his crew that they need to serious about security. Instead they chose to be lax and opt for glitz over security. Don't make the same mistake, Mr.Tourvalds. Well that was my two cents worth. I'm now off to go skating in hell.
Posted by: Taggart Romkey 03 Oct 2007
Oink! Oink!
Bloody birds keep flapping constantly & that bloody din they make. If I wasn't so well-mannered I'd fart on one of them.
Posted by: Rex Alfie Lee 03 Oct 2007