From: Steven Rostedt <rostedt@goodmis.org>
To: Evan Rudford <zocker76@gmail.com>
Cc: Greg KH <greg@kroah.com>, workflows@vger.kernel.org
Subject: Re: Is the Linux kernel underfunded? Lack of quality and security?
Date: Wed, 18 Nov 2020 13:13:22 -0500 [thread overview]
Message-ID: <20201118131322.7bae7622@gandalf.local.home> (raw)
In-Reply-To: <CAE90CG5MQM+8qX0F_RHmHwrh3fP1oxbtTym_tv-UhW2K3pYD-A@mail.gmail.com>
On Wed, 18 Nov 2020 18:59:09 +0100
Evan Rudford <zocker76@gmail.com> wrote:
> This is perhaps hard to argue because the competition isn't good.
> To be honest, I feel that neither Linux nor any other "major" OS is
> reaching "high" security-standards.
> It is a fallacy to think that the security-situation is good just
> because nobody else is better.
> And of course, rewriting Linux is nearly impossible, but I doubt that
> Linux will ever become "truly secure" as long as everything is written
> in C.
> Let's face the reality: C is an excellent systems programming
> language, but it is like an "unprotected chainsaw" with respect to
> security.
>
I call "bull" on the above statement. This C isn't secure, is just a
blanket statement. Yes, C has issues, and so does assembly (which there's
plenty of that in the kernel). But with the amount of static analyzers and
fuzz testing going on, the typical C bugs that are in most projects are
well discovered in the Linux kernel.
> > Again, citation please? I would argue that right now we have too many
> > people/resources working on security issues that are really really minor
> > in the overall scheme of things.
> > greg k-h
>
> I agree that the current security-efforts might not be well-directed
> for the overall scheme of things.
> However, I don't think that security has "too many" people in total.
> It might be true that "minor" security-issues are eating too many
> resources, but there are still "non-minor" security issues that are
> not yet addressed.
Funny, I find that the biggest threat to security today is coming from the
hardware. Issues like spectre and meltdown, and everything to do with
parallel programming is going to be the new age of cracking the system. And
ironically, C and assembly are probably the best languages to counter it ;-)
-- Steve
next prev parent reply other threads:[~2020-11-18 18:13 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-05 3:49 Is the Linux kernel underfunded? Lack of quality and security? Evan Rudford
2020-01-05 8:15 ` Greg KH
2020-11-18 17:59 ` Evan Rudford
2020-11-18 18:13 ` Steven Rostedt [this message]
2020-11-18 19:30 ` Evan Rudford
2020-11-18 19:51 ` Steven Rostedt
2020-11-18 19:53 ` Theodore Y. Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201118131322.7bae7622@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=greg@kroah.com \
--cc=workflows@vger.kernel.org \
--cc=zocker76@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).