
Torvalds On Pluggable Security Models

Posted by kdawson on Mon Oct 01, 2007 06:40 PM
from the plain-speaking dept.
eldavojohn writes "The KernelTrap highlights an interesting discussion on pluggable security models including some commentary by Linus Torvalds. While Torvalds argued against pluggable schedulers, he's all for pluggable security. Other members were voicing concerns with the pluggable nature of the Linux Security Model, but Torvalds put his foot down and said it stays. When asked why his stance was different between schedulers and security, he replied, 'Schedulers can be objectively tested. There's this thing called 'performance,' that can generally be quantified on a load basis. Yes, you can have crazy ideas in both schedulers and security. Yes, you can simplify both for a particular load. Yes, you can make mistakes in both. But the *discussion* on security seems to never get down to real numbers. So the difference between them is simple: one is hard science. The other one is people wanking around with their opinions.'"

Related Stories

[+] Linux: Torvalds Explains Scheduler Decision 411 comments
Firedog writes "There's been a lot of recent debate over why Linus Torvalds chose the new CFS process scheduler written by Ingo Molnar over the SD process scheduler written by Con Kolivas, ranging from discussing the quality of the code to favoritism and outright conspiracy theories. KernelTrap is now reporting Linus Torvalds' official stance as to why he chose the code that he did. 'People who think SD was "perfect" were simply ignoring reality,' Linus is quoted as saying. He goes on to explain that he selected the Completely Fair Scheduler because it had a maintainer who has proven himself willing and able to address problems as they are discovered. In the end, the relevance to normal Linux users is twofold: one is the question as to whether or not the Linux development model is working, and the other is the question as to whether the recently released 2.6.23 kernel will deliver an improved desktop experience."
  • Well (Score:3, Funny)

    by homey of my owney (975234) on Monday October 01, @06:44PM (#20817591)
    He's right.
    • Re:Well by QuantumG (Score:1) Monday October 01, @06:47PM
      • Possibly by ta bu shi da yu (Score:2) Wednesday October 03, @10:30AM
      • Re:Well by Anonymous Coward (Score:1) Monday October 01, @07:22PM
      • Re:Well (Score:5, Funny)

        by HeavensTrash (175514) on Monday October 01, @07:23PM (#20817929)
        (http://www.hatesville.com/)
        Linux is arrogant and clueless? I didn't know an OS could have human traits.
        [ Parent ]
        • Re:Well (Score:5, Insightful)

          by rumblin'rabbit (711865) on Monday October 01, @08:12PM (#20818293)
          (Last Journal: Sunday October 29 2006, @07:37PM)
          I've used lots of software that was arrogant and clueless. Hell, I've written software that was arrogant and clueless.
          [ Parent ]
          • Re:Well by marcosdumay (Score:2) Tuesday October 02, @08:16AM
          • Re:Well by zeromorph (Score:3) Tuesday October 02, @02:14AM
        • Re:Well by QuantumG (Score:2) Monday October 01, @08:29PM
          • Re:Well by wellingj (Score:2) Tuesday October 02, @12:17AM
            • Re:Well by earnest murderer (Score:2) Tuesday October 02, @12:52AM
            • Re:Well by SL Baur (Score:2) Tuesday October 02, @03:41AM
          • Re:Well by DrXym (Score:3) Tuesday October 02, @03:54AM
          • Re:Well by Joebert (Score:2) Tuesday October 02, @11:59AM
        • Re:Well by RK077208 (Score:1) Monday October 01, @09:34PM
        • Re:Well by phantomfive (Score:3) Monday October 01, @10:06PM
          • Re:Well (Score:5, Funny)

            by ShieldW0lf (601553) on Tuesday October 02, @03:07AM (#20820535)
            No it doesn't. Information hates being anthropomorphized.
            [ Parent ]
            • Re:Well by aproposofwhat (Score:1) Tuesday October 02, @04:09AM
              • Re:Well by DrSkwid (Score:2) Tuesday October 02, @05:43PM
        • Re:Well by yoprst (Score:1) Monday October 01, @11:12PM
      • Re:Well by Anonymous Coward (Score:1) Monday October 01, @07:23PM
      • Re:Well by Raineer (Score:1) Monday October 01, @07:51PM
      • Re:Well by Anonymous Coward (Score:2) Monday October 01, @08:21PM
        • Re:Well by Amani576 (Score:1) Monday October 01, @09:23PM
      • Re:Well (Score:5, Insightful)

        by deek (22697) on Monday October 01, @09:08PM (#20818745)
        (http://slashdot.org/ | Last Journal: Wednesday April 13 2005, @03:14AM)

        No. Linux is not convincing. He is arrogant and more and more clueless. Unfortunately people seem to be so in awe of him, that almost nobody is willing to tell him that he is "wanking around" about a lot of things he obviously does not really understand.


        You're not being very convincing either. You call Linus all sorts of things, without actually saying specifically why you think he is arrogant, clueless, and has no understanding. I'm open to the idea that he may be, but your post certainly does nothing to convince me of it.

        At least Linus has specifically stated why he thinks security guys are "wanking around". It's because security people state that "only my version is correct", when they don't quantify exactly why this is the case. That certainly meets my criteria for "wanking around". Linus appears to have made a good judgement call.
        [ Parent ]
        • Re:Well by ShieldW0lf (Score:1) Tuesday October 02, @03:50AM
          • Re:Well (Score:5, Insightful)

            by mr_mischief (456295) on Tuesday October 02, @10:44AM (#20823963)
            (Last Journal: Thursday April 19 2007, @10:15PM)
            Security is not a package. Say it with me now, "Security is not a package".

            Security is a process. You make the effort needed to crack or crash a system beyond the value to the attacker, and they won't attack.

            There's simply no need of SELinux in a coffee pot or an MP3 player. It's overkill. Linus is concerned with all the targets of the kernel, and not just the Sewper Seekret Survur next to the dresser in some kid's room.

            Now _you_ might be using Linux to keep millions of credit card numbers or to process satellite intelligence for some national government, but that's not what everyone does with it. So long as there are reasons to focus more or less on security and different needs among those focusing on it, pluggable security models make sense.

            For the vast majority of Linux targets, SELinux in particular is probably overkill. The scheduler affects everyone. If your main goal is security at all costs, use SELinux (it's not hard) or use OpenBSD instead of Linux.
            [ Parent ]
          • Re:Well by turbidostato (Score:2) Wednesday October 03, @07:41PM
        • Re:Well by ch0ad (Score:1) Tuesday October 02, @07:03AM
          • Re:Well by DrSkwid (Score:1) Tuesday October 02, @05:47PM
      • Re:Well (Score:5, Insightful)

        by Daishiman (698845) on Monday October 01, @09:40PM (#20818943)

        There is no security model that's better than others for all cases. They're all tradeoffs between convenience and security at the user level, and no, a security model is not quantifiable, as the amount of variation between specifications is mindboggling. Do you know the difference between RBAC, RAS, SELinux, AppArmor? Between the dozens of different and incompatible security systems used in AIX, Solaris, i5/OS, QNX, z/OS, and VMS? They all have their places, they all have their own advantages and disadvantages. Security doesn't stop with setting the "sticky bit".

        But most importantly, security models are not CPU-intensive. Even the most demanding model will check file access permissions once in a blue moon in comparison to a scheduler. Schedulers store and use different information in very different ways, which makes it difficult to make a generic framework that will support every possible datum they might need without making a significant impact on performance (it's a piece of code called thousands of times a second, performing rather complex computations).

        Besides, it doesn't mean that Linux doesn't have several schedulers. It does, but they're kept under different branches, and they're sufficiently tunable to meet all your usual requirements, and CFS is a sufficiently superior alternative with the right stuff to warrant its maintenance in the mainline.

        [ Parent ]
        • Re:Well by Anonymous Coward (Score:1) Tuesday October 02, @01:14AM
        • Prove it.... by fuliginous (Score:1) Tuesday October 02, @03:12PM
    • Re:Well (Score:5, Interesting)

      by Trillan (597339) on Monday October 01, @06:47PM (#20817627)
      (http://pyile.com/ | Last Journal: Tuesday December 19 2006, @01:33PM)
      He is right, definitely. But being theoretically able to measure something doesn't mean it's practical or that the results are always useful.
      [ Parent ]
      • Re:Well by Acrimonymous (Score:1) Monday October 01, @06:59PM
      • Re:Well by Vellmont (Score:2) Monday October 01, @07:53PM
    • No, he doesn't understand by CarpetShark (Score:2) Tuesday October 02, @07:32AM
    • Re:Well by IT074552 (Score:1) Tuesday October 02, @11:55AM
  • wanking around (Score:5, Funny)

    by Anonymous Coward on Monday October 01, @06:47PM (#20817625)
    I've been wanking around with pluggable opinions for years, and I turned out okay.
  • Irony? (Score:1, Offtopic)

    by Kawahee (901497) on Monday October 01, @06:52PM (#20817663)
    (http://empyrean.kyve.net/ | Last Journal: Wednesday July 26 2006, @08:42PM)
    I hope the irony isn't lost on Torvalds:

    ...people wanking around with their opinions.
    • Re:Irony? by jack455 (Score:1) Thursday October 04, @11:55PM
  • Spot on Torvalds... (Score:4, Insightful)

    by cez (539085) * on Monday October 01, @06:54PM (#20817675)
    I think Torvalds is right on this one. Until we can quantify security as we can scheduling performance, which he argues for, why shouldn't he keep LSM modular?


    If not, an artificial limit on the integrity of the system would be created. Sure, SELinux is a viable option, but why should we think it is the best?

    • Re:Spot on Torvalds... (Score:5, Insightful)

      by gweihir (88907) on Monday October 01, @07:14PM (#20817835)
      Security cannot be quantified in hard numbers, since security is always relative to the resources the adversary has. True, you could plan for some specific adversary. But that would be pretty meaningless. Also, the resources of an adversary are not a simple number that can be compared. Some things are limited to specific attackers. Other stuff depends on money and/or time. Yet other stuff requires a specific type of competence. That is also why there typically is no "best" solution.

      So, no, security folks are not "wanking around" as some specific asshole seems to claim, they are using the best tools available to evaluate adequacy of different security solutions. Those that do not get this are not getting what security is about and what the state of the art is. These people should better stay far away from security-relevant decisions and let people that at least understand present technology in that area make the decisions.
      [ Parent ]
      • Re:Spot on Torvalds... by cez (Score:3) Monday October 01, @07:41PM
      • Re:Spot on Torvalds... by Vellmont (Score:2) Monday October 01, @08:11PM
      • Re:Spot on Torvalds... (Score:5, Informative)

        by RedWizzard (192002) on Monday October 01, @08:20PM (#20818361)

        So, no, security folks are not "wanking around" as some specific asshole seems to claim, they are using the best tools available to evaluate adequacy of different security solutions. Those that do not get this are not getting what security is about and what the state of the art is. These people should better stay far away from security-relevant decisions and let people that at least understand present technology in that area make the decisions.
        If you actually read the article instead of just reacting to the sensationalist quote you'd know that this is exactly what Linus is saying. Security people don't agree and he is not qualified to make a decision so modularization needs to stay. In the case of the scheduler he feels he is qualified to make decisions and has done so. However he does bemoan the fact that the arguments presented by the security experts often don't make a lot of sense. This is where the "wanking around" quote comes from.
        [ Parent ]
    • Re:Spot on Torvalds... by QuantumG (Score:2) Monday October 01, @07:16PM
    • Re:Spot on Torvalds... by Zigurd (Score:2) Monday October 01, @07:17PM
    • by SanityInAnarchy (655584) <ninja@slaphack.com> on Monday October 01, @07:28PM (#20817965)
      (Last Journal: Tuesday October 30, @10:59AM)
      I wasn't aware we'd completely solved problems of responsiveness vs throughput, or of normal vs soft realtime vs hard realtime.

      If we don't keep scheduling modular, an artificial limit on the performance of the system will be created. Sure, CFS is a viable option, but why should we think it is the best?

      What's more, "wanking around with your settings" has often been what Linux has always been about. Ubuntu never uses chroot in a normal situation; does that mean it should be taken out? My GUI and hotplug utilities can automount anything I plug in; should /etc/fstab be removed?

      We haven't used anything but ELF for probably 5-10 years, yet, last I checked, a.out is still supported.

      Why should the system be made non-modular?
      [ Parent ]
      • Re:So we can quantify scheduling performance? by cez (Score:2) Monday October 01, @08:06PM
      • by Jah-Wren Ryel (80510) on Monday October 01, @08:13PM (#20818301)

        I wasn't aware we'd completely solved problems of responsiveness vs throughput, or of normal vs soft realtime vs hard realtime.
        And I don't think we ever will. I think Linus's point that scheduler performance can be measured is the strongest reason to go with pluggable schedulers. I want the scheduler that performs best for the way that I use my system. I don't think anyone gives a ratsass about how well the scheduler works for someone else. I want it to work best for me and my workloads.
        [ Parent ]
        • by cmat (152027) on Tuesday October 02, @07:24AM (#20821513)
          No, Linus' point about schedulers is that to make a pluggable scheduler, you will need to sacrifice performance just to achieve the plug-ability. Linus believes that the most flexible scheduler (i.e. performance, tune-ability) can be discovered at development time with a set of metrics that are defined currently. In which case he feels that the kernel devs can make the "best" choice of scheduler up front. Yes there will be fringe cases, in which case, you have the code, replace/tune/massacre the scheduler to your particular needs.

          The security realm however is completely different. For one, the performance requirement does not exist. So the performance penalty that modular architecture brings is largely irrelevant. And since there exist no metrics that can be used to determine whether one security model is better than another without the usage context, a plug-able architecture is the best road to go down to let something that users CAN and WILL want to implement completely differently from one use-case to the next.
          [ Parent ]
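Two points made above, Daishiman's (RBAC, SELinux and AppArmor answer the same "may this open that?" question in incompatible ways, and the check itself is cheap next to a scheduler) and cmat's (a pluggable architecture lets each use case implement the policy differently behind one fixed interface), can be seen in a small C program. This is an added example, not code from the thread or from the Linux kernel: the `security_ops` table, the three toy policies, the rule tables and the `check_under` helper are all hypothetical stand-ins for LSM's real hook table and modules.

```c
/* Added example (not from the thread or the Linux kernel): an LSM-style hook
 * table with three interchangeable "file open" policies behind one interface.
 * Every name here is a hypothetical stand-in for the real kernel structures. */
#include <stdio.h>
#include <string.h>

#define MAY_READ  1
#define MAY_WRITE 2

struct subject { const char *user; const char *label; };   /* the caller */
struct object  { const char *path; const char *label; };   /* the file   */

/* The fixed interface: the rest of the "kernel" only ever sees this table. */
struct security_ops {
    const char *name;
    int (*file_open)(const struct subject *, const struct object *, int mask);
};

/* Policy 1: path-prefix rules in the AppArmor style. Default deny. */
struct path_rule { const char *user; const char *prefix; int allowed; };
static const struct path_rule path_rules[] = {      /* constructed sample rules */
    { "www",  "/var/www/", MAY_READ },
    { "www",  "/tmp/",     MAY_READ | MAY_WRITE },
    { "root", "/",         MAY_READ | MAY_WRITE },
};
static int path_file_open(const struct subject *s, const struct object *o, int mask)
{
    for (size_t i = 0; i < sizeof path_rules / sizeof path_rules[0]; i++) {
        const struct path_rule *r = &path_rules[i];
        if (strcmp(r->user, s->user) == 0 &&
            strncmp(r->prefix, o->path, strlen(r->prefix)) == 0 &&
            (mask & ~r->allowed) == 0)
            return 0;                 /* a rule grants every requested bit */
    }
    return -1;                        /* no rule matched: denied */
}

/* Policy 2: label pairs in the SELinux type-enforcement style. Paths are
 * irrelevant here; only the labels on subject and object are consulted. */
struct label_rule { const char *subj; const char *obj; int allowed; };
static const struct label_rule label_rules[] = {    /* constructed sample rules */
    { "httpd_t",  "httpd_content_t", MAY_READ },
    { "httpd_t",  "tmp_t",           MAY_READ | MAY_WRITE },
    { "sysadm_t", "*",               MAY_READ | MAY_WRITE },
};
static int label_file_open(const struct subject *s, const struct object *o, int mask)
{
    for (size_t i = 0; i < sizeof label_rules / sizeof label_rules[0]; i++) {
        const struct label_rule *r = &label_rules[i];
        if (strcmp(r->subj, s->label) == 0 &&
            (strcmp(r->obj, "*") == 0 || strcmp(r->obj, o->label) == 0) &&
            (mask & ~r->allowed) == 0)
            return 0;
    }
    return -1;
}

/* Policy 3: nothing plugged in, so behave like a stock kernel and allow. */
static int permissive_file_open(const struct subject *s, const struct object *o, int mask)
{
    (void)s; (void)o; (void)mask;
    return 0;
}

static const struct security_ops path_policy  = { "path-prefix", path_file_open };
static const struct security_ops label_policy = { "label-pairs", label_file_open };
static const struct security_ops no_policy    = { "permissive",  permissive_file_open };

/* One slot, filled once at boot in a real kernel; permissive until then. */
static const struct security_ops *active_ops = &no_policy;

void security_register(const struct security_ops *ops) { active_ops = ops; }

/* The single call site the VFS would use. This one indirect call is the whole
 * per-open cost of pluggability, whatever the policy does behind it. */
int security_file_open(const struct subject *s, const struct object *o, int mask)
{
    return active_ops->file_open(s, o, mask);
}

/* Evaluate one request under a named policy: 0 = allowed, -1 = denied. */
int check_under(const char *policy, const char *user, const char *slabel,
                const char *path, const char *olabel, int mask)
{
    if (strcmp(policy, "path") == 0)       security_register(&path_policy);
    else if (strcmp(policy, "label") == 0) security_register(&label_policy);
    else                                   security_register(&no_policy);
    struct subject s = { user, slabel };
    struct object  o = { path, olabel };
    return security_file_open(&s, &o, mask);
}

int main(void)
{
    /* Constructed request: the web server trying to write its own document root. */
    const char *policies[] = { "path", "label", "none" };
    for (int i = 0; i < 3; i++)
        printf("%-5s: %s\n", policies[i],
               check_under(policies[i], "www", "httpd_t", "/var/www/index.html",
                           "httpd_content_t", MAY_WRITE) == 0 ? "allowed" : "denied");
    return 0;
}
```

The same request (the web server writing to its own document root) is denied by both real policies for different reasons, one because no path rule grants write under /var/www/, the other because httpd_t has only read on httpd_content_t, and is allowed when nothing is plugged in. The "kernel" side never changes: `security_file_open` is one indirect call, which is the entire cost cmat and Daishiman argue is irrelevant for security and decisive for a scheduler.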
      • Re:So we can quantify scheduling performance? by mrwolf007 (Score:2) Monday October 01, @08:20PM
      • Ew, redundancy... by SanityInAnarchy (Score:2) Monday October 01, @09:26PM
    • Re:Spot on Torvalds... by Gorshkov (Score:2) Monday October 01, @07:48PM
    • Re:Spot on Torvalds... by kocsonya (Score:3) Monday October 01, @09:08PM
    • Re:Spot on Torvalds... by SanityInAnarchy (Score:2) Monday October 01, @07:31PM
  • by mrwolf007 (1116997) on Monday October 01, @06:57PM (#20817703)
    ... but what would happen if you forgot to "plug in" a scheduler?
    Back to single tasking ala DOS?
    Being able to choose which (if any) security module to plug in seems to make a lot more sense.
  • Awesome (Score:3, Funny)

    by obeythefist (719316) on Monday October 01, @07:01PM (#20817723)
    (Last Journal: Monday November 28 2005, @09:58PM)
    "But the *discussion* on security seems to never get down to real numbers. So the difference between them is simple: one is hard science. The other one is people wanking around with their opinions"

    Thanks Linus, that cracked me up. I've always felt that way about a lot of the stuff the security guys do. I'm gonna forward that to our local security guys and see what they think!
    • Re:Awesome by jofny (Score:3) Monday October 01, @07:13PM
      • Re:Awesome by poopdeville (Score:1) Monday October 01, @11:57PM
        • Re:Awesome by jofny (Score:2) Tuesday October 02, @08:25AM
          • Re:Awesome by poopdeville (Score:1) Tuesday October 02, @09:27PM
            • Re:Awesome by jofny (Score:2) Tuesday October 02, @10:16PM
              • Re:Awesome by poopdeville (Score:1) Tuesday October 02, @11:35PM
    • Linus is a foreigner by megaditto (Score:1) Monday October 01, @08:26PM
    • Re:Awesome by Kjella (Score:2) Tuesday October 02, @12:47AM
      • Re:Awesome by obeythefist (Score:2) Tuesday October 02, @08:02PM
  • by fadilnet (1124231) on Monday October 01, @07:10PM (#20817787)
    (http://www.fadilnet.ic.cz/)
    It sure does look like an object-oriented approach. If the scheduler and other 'components' can be made pluggable, then it eases up the tasks of many. Developers can focus on 1 aspect of the OS, while the core kernel is just there to 'receive' the 'plugin'. How does it differ from the current approach? Are there too many 'components' dependent on each other?
    • Re:like object oriented? (Score:5, Insightful)

      by ASBands (1087159) on Monday October 01, @09:49PM (#20819007)

      At some point, you have to deal with the fact that there is going to be some overhead in dealing with an object-oriented approach. Even if the significance is near 0, the scheduler is pushing operations on the CPU on an incredibly large scale, which might show its ugly face in performance. IMHO, it wouldn't, but I guess Linus knows better than I...

      Anyway, there is this great site called the Linux Kernel Archives [kernel.org], which has the source code for every version of the Linux kernel ever put out. If somebody was really serious about using their own CPU scheduler, all they have to do is take the latest version of the kernel, download the source code and modify sched.c to fit their needs. Even if it isn't object-oriented, that doesn't change the fact that everything else in the kernel only cares that default_wake_function tries to wake up a thread - it doesn't matter how it works on the inside. All the other parts know about is the sched.h header file.

      Sure, it isn't on-the-fly pluggable, but different distributions could easily use different schedulers if they simply compile the kernel. A distribution could make a sched.c that is pluggable (it would have an interesting look to it, but it could be done). I wouldn't want to debug it, but for all this complaining, you'd think somebody would do something about it.

      [ Parent ]
      • Re:like object oriented? (Score:5, Interesting)

        At some point, you have to deal with the fact that there is going to be some overhead in dealing with an object-oriented approach. Even if the significance is near 0, the scheduler is pushing operations on the CPU on an incredibly large scale, which might show its ugly face in performance. IMHO, it wouldn't, but I guess Linus knows better than I...

        Ahh, the "when in doubt claim OO is expensive" defense. Please tell me, how long does a modern CPU need to take a branch to an address in a well known fixed memory cell which is guaranteed to be in L1-cache? Do you think it is longer than a conditional branch needed to handle the case single core dual core? Is it longer than the combined times needed to additionally handle the case one CPU-chip two CPU-chips? I don't know, I haven't done the measuring, but I have doubts the first is the slowest as the opcode scheduler should be able to handle the first and especially has the advantage of an always taken jump. We are heading in a parallel future, there are scheduling differences between single core/dual core and single CPU/multiple CPU. Why on earth should the scheduler written for the most complicated case (it has to handle cases like one dual core and two triple cores and one quad core efficiently or it is not the best scheduler, no?) be more efficient than a single core scheduler on a machine with only a single core? Or are the benchmarks "tweaked" so the first is the "right" case to benchmark?

        As written by multiple posters, yes, you can get benchmark results for schedulers, but what is the correct benchmark? Is it the maximum throughput model you don't want to have as a desktop box or the minimum waiting time for interactive jobs you don't want on a compute server? And if you need numbers to come up with the best security model, count line numbers, it is about as relevant.

        [ Parent ]
      • Re:like object oriented? by marcosdumay (Score:2) Tuesday October 02, @08:29AM
  • by Alexander (8916) on Monday October 01, @07:21PM (#20817909)
    (http://www.alexhutton.com/)
    I think Linus may want to think hard about creating a distinction there.

    "...the subjectivist states his judgments, whereas the objectivist sweeps them under the carpet by calling assumptions knowledge, and he basks in the glorious objectivity of science." - I.J. Good
  • I stopped reading TFA (Score:2, Interesting)

    by kwabbles (259554) on Monday October 01, @07:29PM (#20817975)
    The moment I saw the word "scheduler".

    Damn, I'm sick of scheduler FUD. It makes its way into every single Linux conversation now, no matter how unrelated.
  • What about (Score:5, Funny)

    by sokoban (142301) on Monday October 01, @07:32PM (#20817993)
    (http://slashdot.org/)
    That hot chick on Television who asks if I have worms, and sells antivirus software. That's one pluggable security model right there.
    • Re:What about by goombah99 (Score:2) Monday October 01, @08:50PM
    • Re:What about by ScrewMaster (Score:2) Monday October 01, @10:44PM
  • yawn (Score:1)

    by kennedy (18142) on Monday October 01, @07:39PM (#20818049)
    (http://accessdenied.org/)
    c'mon - this is open source.

    why not have both? linux-smack and linux-selinux could co-exist. fork the kernel and find some people to maintain an selinux fork - there has to be some out there if there's front-page worthy drama going on...

    How's THAT for a pluggable security model?!

    (yeah i rtfa'ed... lulz)
  • Language abuse (Score:1)

    by midnighttoadstool (703941) on Monday October 01, @07:40PM (#20818055)
    "Wanking" is rough-slang English from England, and means 'masturbating'. But Torvalds sure ain't one of us.
  • If you read all of it ... (Score:5, Informative)

    by golodh (893453) on Monday October 01, @07:44PM (#20818085)
    Perhaps if people read all of Linus's email they would be more understanding and less quick to condemn him.

    His complete email reads:

    Schedulers can be objectively tested. There's this thing called "performance", that can generally be quantified on a load basis.

    Yes, you can have crazy ideas in both schedulers and security. Yes, you can simplify both for a particular load. Yes, you can make mistakes in both. But the *discussion* on security seems to never get down to real numbers.

    So the difference between them is simple: one is "hard science". The other one is "people wanking around with their opinions".

    If you guys had been able to argue on hard data and be in agreement, LSM wouldn't have been needed in the first place.

    BUT THAT WAS NOT THE CASE.

    And perhaps more importantly:

    BUT THAT IS *STILL* NOT THE CASE!

    Sorry for the shouting, but I'm serious about this.

    Am I alone in thinking that Linus basically says:

    "Look I'm no security expert, and I'd be happy to follow your collective expert guidance if only:

    (a) you could quantify what you're saying and turn it into engineering instead of a religious argument

    (b) the lot of you could agree on *one* set of guidelines/features as being best all-around

    Unfortunately it appears you can't do either. That being so, I'm not going to burn my fingers and blindly choose one security boondoggle over all the others. I'll just make them pluggable so that every one of you can have his own personal security system. End of discussion. Now go away and be happy."

  • Good. (Score:1, Offtopic)

    I agree with hard science. Here's some more hard science:

    The kernel kicks ass.

    We need better apps for Linux.

    I can't videoconference, edit videos, make mp3s, play video games or make a slideshow in Linux. How about a couple of kernel devs drop off and help Linux go the last mile.

    rhY
    • Re:Good. by webmaster404 (Score:1) Monday October 01, @08:15PM
    • Re:Good. by NullProg (Score:3) Monday October 01, @08:20PM
    • Re:Good. by Salsaman (Score:2) Monday October 01, @08:32PM
    • Re:Good. by Eli Gottlieb (Score:1) Monday October 01, @10:50PM
    • Phew. by crhylove (Score:1) Tuesday October 02, @12:44AM
      • Pidgin by upside (Score:3) Tuesday October 02, @08:41AM
    • Re:Good. by MrCopilot (Score:2) Tuesday October 02, @05:18PM
      • Re:Good. by MrCopilot (Score:2) Tuesday October 02, @05:22PM
    • Re:Good. by crhylove (Score:1) Tuesday October 02, @12:56AM
  • by e9th (652576) on Monday October 01, @08:06PM (#20818255)
    I mean, Theo's the security guy, right? I'm sure Linus would have no problem whatsoever agreeing to abide by his decision...
  • Ahem (Score:3, Informative)

    Computer security isn't hard science? Someone should point Linus to the Orange Book [wikipedia.org] or the Common Criteria [wikipedia.org].
    • Re:Ahem (Score:5, Insightful)

      by GreatBunzinni (642500) on Tuesday October 02, @01:26AM (#20820139)
      A normalized set of procedures to perform measurements does not a science make. If it was so then phrenology would be almost a pure science.
      [ Parent ]
      • Re:Ahem by mapsjanhere (Score:1) Tuesday October 02, @10:18AM
  • Scheduler vs Security Plugins (Score:3, Insightful)

    by NullProg (70833) on Monday October 01, @09:12PM (#20818769)
    (http://slashdot.org/ | Last Journal: Wednesday November 07, @10:21PM)
    Correct me if I'm wrong, but wouldn't a security plugin have to be authenticated? That would add a couple of extra layers not required for a scheduler. A "Rock Solid" built-in security scheme might be better (unlike the Windows address relocation method). Linus is correct in the fact that there is a new security method every week. What's the correct one to choose?

    As for the Linux scheduler, I wouldn't mind a choice in desktop vs server tweak settings in (a) /proc/sys/scheduler (if it existed). RedHat, Ubuntu, SuSE, etc. could set the defaults based on user selection at install (Work Station vs Server).

    Enjoy,
  • irony (Score:2, Informative)

    by cycoj (1010923) on Tuesday October 02, @03:34AM (#20820629)
    I think there's some real irony here. Linus says that scheduling performance is "hard science", therefore it is easy to make a decision. But he did not make his scheduler decision based on "hard science"; he based it on personal preference.
    • Re:irony by rawler (Score:1) Tuesday October 02, @12:15PM
  • Wanking (Score:1)

    by olehenning (1090423) on Tuesday October 02, @07:06AM (#20821433)
    Linus Torvalds lecturing other people on wanking with their opinions. That's almost as funny as George Bush talking about education and literacy.
  • I like this guy (Score:1)

    by Dagda (100056) on Tuesday October 02, @11:22AM (#20824549)
    (http://www.crimsonwolf.org/)
    You know, the more I read about Linus and come across his statements, whether others agree with him or not, I do like his frankness.
  • by KJACK98 (623902) on Tuesday October 02, @11:59AM (#20825199)
    From a diversity point of view, it's better to have a pluggable security architecture: in the event an application and security architecture was able to be compromised, it might be limited to that distro (i.e. Red Hat = SELinux, Ubuntu = AppArmor).
  • The points (Score:1)

    by gryyphyn (1162929) on Tuesday October 02, @12:14PM (#20825401)
    (http://dffaq.blogspot.com/)
    I do agree that he is right. However, there are valid arguments on both sides. SELinux's integration with the kernel is a fantastic feature. I haven't seen any overhead as far as system performance, but it makes it difficult to simply work on the system, either directly or in the sense of remote access to resources (files, ssh, etc...). I don't know much about LSM, to be honest, but there are some advantages that I can see off the line. Configuration is much easier and there are fewer interop problems (again, from the little I've seen). However, removing the kernel integration to such a degree may slow system performance. No security implementation should cause a great deal of overhead. Linus made a fantastic point:

    You security people are insane. I'm tired of this "only my version is correct" crap. The whole and only point of LSM was to get away from that. And anybody who claims that there is "consensus" on SELinux is just in denial.
    Fights, arguments and disagreements in the security world will never end. Security people would like nothing more than to close and/or disconnect everything. The question, in my experience, most often voiced by security 'gurus' is "do you really need that?". I'm tired of hearing it. Yes, we do need it. SELinux was developed by the government entities with RedHat. Leave it there. I think we do need something else.
  • please type the word in this image: frontal [lobotomy???]

    This is Slashdot. Nudity.
    [ Parent ]
  • Re:Need to plug goatse (Score:3, Funny)

    by Zathruss (451471) on Tuesday October 02, @02:05AM (#20820285)
    Actually, that would be a security 'hole' now, wouldn't it?
    [ Parent ]