Security Holes Draw Linux Developers' Ire 477
jd writes "In what looks to be a split that could potentially undermine efforts to assure people that Linux is secure and stable, the developers of the GRSecurity kit and RSBAC are getting increasingly angry over security holes in Linux and the design of the Linux Security Modules. LWN has published a short article by Brad Spengler, the guy behind GRSecurity and it has stoked up a fierce storm, with claims of critical patches being ignored, good security practices being ignored for political reasons, etc. Regardless of the merits of the case by either side, this needs to be aired and examined before it becomes more of a problem. Especially in light of the recent kernel vulnerability debated on Slashdot."
Gee, maybe I should run Novell... (Score:2, Funny)
Maybe I should implement security measures and have a good backup system?
Nah!
This kind of reminds me about all the people telling me you could die while driving a car - no s---, Sherlock! Use common sense.
Get over it (Score:1, Funny)
Re:Time for (even) better security? (Score:5, Funny)
Interesting. [netcraft.com]
Re:Waaah! 3 weeks without an answer! (Score:5, Funny)
I emailed Bill Gates to say that with a tunnelling electron microscope someone could adjust the logic in the CPU and DOS WindowsXP, and he hasn't answered me. Pout!
Re:Patches are in -ac7 (Score:1, Funny)
You don't have to be a ass to do that.
So Gsecurity guy finds a flaw and sends ONE email to report it.
So the e-mail got lost in the shuffle, I'd bet that Linus gets THOUSANDS of e-mails in a week. Hell it could possibly got nailed by spamassasin and never made it to him.
It's fucking stupid to assume that he ignored the issue because security issues are not a big deal.
Linus DOES NOT EQUAL "linux".
There are ways to deal with this sort of thing to get it resolved quickly.
I would expect that e-mailing linus directly with cryptic e-mail titles is going to be about as usefull as e-mailing the pope about a broken window in the vatican.
The whole thing is retarded. One e-mail gets easily lost in the noise.
Re:Time for (even) better security? (Score:3, Funny)
Interesting
I gave up modding for this.
thogard: BURN !!!!
Re:You're basically right, but... (Score:5, Funny)
MS Bob, in the name of userfriendliness, asked you to change the password if you miss-typed it 3 times. No, not if you successfully logged in after mis-typing it 3 times. That's it. Three failed attempts in a row, and you can set a new password.
In all fairness, MS Bob was never intended for corporate use. It can be forgiven for not being very secure, as the only person with access to the console is likely Melinda herself (the last active Bob user).
Re:You're basically right, but... (Score:5, Funny)
Anybody who brings up Microsoft Bob in a Linux vs. Windows discussion not only instantly ends the discussion, but loses whatever their point of view is. Blakey Rat's Law.
Holy shit, you just complained that a product that was on the market for maybe a year and a half a *decade* ago, and intended for children and neophytes on a single-user machine, has bad security because it doesn't enforce passwords strictly? Are you serious?
Are you so divorced from common everyday experience that you:
1) Are still obsessed over Microsoft Bob a decade after it failed and everybody else has forgotten it?
2) Think enough other people are still obsessed over Microsoft Bob that using it in an argument would support your point?
3) That a security hole in Microsoft Bob is even a valid argument?
The saddest part is that I agree with your basic argument. Security on computers, until about Windows 2000, was completely crappy across the board. It wasn't until the 21st century that people really started looking at it and figuring out ways to improve it... and I think that people are still looking in the wrong direction. (We know how to secure computers, more or less, let's work on social engineering.)
Oh well, at least people like you keep Slashdot interesting... but, man, get a grip on reality and hang on for dear life.