Security Models for the Kernel – Harsh Words from Torvalds
A debate on various security models for the Linux kernel has developed on the Linux Kernel Mailing List.
The bone of contention was a suggestion by Andrew Morton to introduce the "Simplified Mandatory Access Control Kernel" (Smack) in kernel 2.6.24. Developer James Morris responded that the decision to introduce Smack had to be seen in the wider context of the kernel's security architecture. He did not criticize Smack itself, but the loadable module LSM, on which Smack is based; however, LSM is only used by SELinux, who also programmed Smack. LSM would have been removed long ago, part from this fact.
Linus Torvalds entered the discussion at this point, responding saying that LSM was staying "You security people are insane. I'm tired of this "only my version is correct" crap. The whole and only point of LSM was to get away from that." Torvalds continues: "I guess I have to merge AppArmor and SMACK just to get this *disease* off the table." Responding to this verbal attack, developer Stephen Smalley objects that Torvalds is normally against loadable schedulers, asking: "Why is security different??"
Torvalds' response is unequivocal: "Schedulers can be objectively tested. There's this thing called "performance" that can generally be quantified on a load basis." He continues, "Yes, you can have crazy ideas in both schedulers and security. Yes, you can simplify both for a particular load. Yes, you can make mistakes in both. But the *discussion* on security seems to never get down to real numbers. So the difference between them is simple: one is "hard science". The other one is "people w****g [expletive deleted] around with their opinions."
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
Linux Kernel Reducing Long-Term Support
LTS support for the Linux kernel is about to undergo some serious changes that will have a considerable impact on the future.
-
Fedora 39 Beta is Now Available for Testing
For fans and users of Fedora Linux, the first beta of release 39 is now available, which is a minor upgrade but does include GNOME 45.
-
Fedora Linux 40 to Drop X11 for KDE Plasma
When Fedora 40 arrives in 2024, there will be a few big changes coming, especially for the KDE Plasma option.
-
Real-Time Ubuntu Available in AWS Marketplace
Anyone looking for a Linux distribution for real-time processing could do a whole lot worse than Real-Time Ubuntu.
-
KSMBD Finally Reaches a Stable State
For those who've been looking forward to the first release of KSMBD, after two years it's no longer considered experimental.
-
Nitrux 3.0.0 Has Been Released
The latest version of Nitrux brings plenty of innovation and fresh apps to the table.
-
Linux From Scratch 12.0 Now Available
If you're looking to roll your own Linux distribution, the latest version of Linux From Scratch is now available with plenty of updates.
-
Linux Kernel 6.5 Has Been Released
The newest Linux kernel, version 6.5, now includes initial support for two very exciting features.
-
UbuntuDDE 23.04 Now Available
A new version of the UbuntuDDE remix has finally arrived with all the updates from the Deepin desktop and everything that comes with the Ubuntu 23.04 base.
-
Star Labs Reveals a New Surface-Like Linux Tablet
If you've ever wanted a tablet that rivals the MS Surface, you're in luck as Star Labs has created such a device.