Linux's Security Through Obscurity

Linux's Security Through Obscurity 215

Posted by CmdrTaco on Thursday July 17, 2008 @09:31AM from the we-all-do-it-sometimes dept.

An anonymous reader writes "The age-old full disclosure debate has been raging again, this time in no other place than at the foundations of the open-source flagship GNU/Linux operating system: within the Linux kernel itself. It beggars belief, but even Linux creator, Linus Torvalds, has advocated against the sort of openness on which Linux has thrived, arguing that security fixes to the kernel should be obscured in changelogs, saying 'If it's not a very public security issue already, I don't want a simple "git log + grep" to help find it.' Unfortunately, it's not kernel exploit writers who need to grep the changelog in order to find kernel vulnerabilities. On the contrary, it's downstream distributors who rely on changelog information in order to decide when to patch the kernels of their distributions, in order to keep their users safe."

Linux's Security Through Obscurity

This discussion has been archived. No new comments can be posted.

Search 215 Comments Log In/Create an Account

Comments Filter:

"Sorry for RTFA"? (Score:5, Funny)

by argent ( 18001 ) writes: <peter@slashdot . ... t a r o nga.com> on Thursday July 17, 2008 @09:45AM (#24227233) Homepage Journal

*snort*
And I thought I'd seen every variant on the usual Slashdot in-jokes.
You win a gold star.

Re:The idealistic young become the cynical old. (Score:5, Funny)

by neuromancer23 ( 1122449 ) writes: on Thursday July 17, 2008 @09:48AM (#24227283)

"Get off my lawn!" - Linus Torvalds

Re:The idealistic young become the cynical old. (Score:5, Funny)

by TheGreek ( 2403 ) writes: on Thursday July 17, 2008 @10:34AM (#24227847)

Not all security-related bugs are easily identifiable as such. And even if they were, and then they were marked as such, do you really want the changelog easily greppable by them?
"Dear God, won't somebody please think of the children?"

Re:There is a great quote in the thread (Score:3, Funny)

by dotancohen ( 1015143 ) writes: on Thursday July 17, 2008 @10:38AM (#24227891) Homepage

http://thread.gmane.org/gmane.linux.kernel/706950 [gmane.org]
I think the OpenBSD crowd is a bunch of masturbating monkeys, in
that they make such a big deal about concentrating on security to the
point where they pretty much admit that nothing else matters to them.
http://img136.imageshack.us/img136/7451/poster68251050mx9.jpg [imageshack.us]

Re:Linus does not mean obfuscation (Score:3, Funny)

by x2A ( 858210 ) writes: on Thursday July 17, 2008 @10:39AM (#24227907)

I would say that those people are the vulnerability and they're the ones that need patching. Not all vulnerabilities of a system are in the code!

Re:The idealistic young become the cynical old. (Score:5, Funny)

by dotancohen ( 1015143 ) writes: on Thursday July 17, 2008 @10:41AM (#24227929) Homepage

"Dear God, won't somebody please think of the children?"
Actually, as a kernel issue, this affects all the system threads.

Re:Linus does not mean obfuscation (Score:3, Funny)

by Davorama ( 11731 ) writes: on Thursday July 17, 2008 @02:28PM (#24231301) Journal

Haven't you seen Tron?

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Linux's Security Through Obscurity 215

Linux's Security Through Obscurity More Login

Linux's Security Through Obscurity

"Sorry for RTFA"? (Score:5, Funny)

Re:The idealistic young become the cynical old. (Score:5, Funny)

Re:The idealistic young become the cynical old. (Score:5, Funny)

Re:There is a great quote in the thread (Score:3, Funny)

Re:Linus does not mean obfuscation (Score:3, Funny)

Re:The idealistic young become the cynical old. (Score:5, Funny)

Re:Linus does not mean obfuscation (Score:3, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot