[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Is this mail list dead?

To: securedistros@nl.linux.org
Subject: Re: Is this mail list dead?
From: Pedro Rosa <Pedro.Rosa@ksu.ru>
Date: Mon, 19 Mar 2001 13:24:49 +0300
References: <Pine.LNX.4.21.0103182051020.13050-100000@imladris.rielhome.conectiva>
Reply-To: securedistros@nl.linux.org
Sender: owner-securedistros@nl.linux.org
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-9mdksmp i686; en-US; 0.8) Gecko/20010216
Rik van Riel wrote:

> On Sun, 18 Mar 2001, Pedro Rosa wrote:
> 
>>> Now if you have _technical_ arguments for why adding things
>>> like audit trails (which can be easily compiled out) would
>>> make Linux a worse OS, please tell them.
>> 
>> Where am I saying that such things make Linux worse. Ok Mr. van Riel
>> get the damn sink clean, get back, read all my posts and take the
>> place where I'm saying such!
> 
> 
> I've read you saying this over and over again.
> What I miss is you telling us any reason WHY this
> would be the case...

First don't play verbality games with me. This is the first time I state 
make such a statement. That's good for politicians but too bad for those 
who had to deal with such scum.
But you have  point, you DO miss the WHY. If you don't see it than it's 
not my problem. But to explain it there is no need to write A+B=C-D and 
present a super-complex scheme with a chart of Linux looking like a 
Black Hole... If you consider that defending your position by calling 
for such things gives you any good, then you are a looser. The A 
problem, the one we meet on user's first encounter with Linux is the way 
they "see" it. That's psychology and has nothing to do with technicities.

Offering a set of security tools gives the user a few "guarantees" of 
security. However we should note two moments. The average user will not 
be ready to use most of these tools. Second, the average user always 
expects that someone will fill this gap for him...

The fact that, for now Linux possess a very primitive set of tools is, 
for experts, a serious gap in security. Correct. But if anyone has 
worked with average users in Linux, then he will note that even the rwx 
permission bits are a Hell to be understood. I have lots of users that 
either open to the whole world their directories or mess with 
restricting permissions, that programs crash on reading the 
"super-secured" files.

Some people may think that this is a problem with Linux. No it's not yet 
a problem. It's a serious problem with users as

They refuse to understand a new/different system
They are unprepared to use the OS
They think everyone or everything is done for them

Note the last one. That's not M$, it's the world and the media. Many 
people expect that the system will stop them, or advise, or correct 
something before getting wrong. Even long-year users suffer of some of 
these deseases. Besides Holywood and cheap articles on computing help to 
cultivate this.

Now what shall we do? Arise Linux security. One point is trying to get 
into the main development trend and convince Linus, Alan and others that 
it is time to seriously think about this. Let's think they agree. So we 
get a few security tools and enforce this stuff into the kernel. Now the 
kernel goes to the distros, the real Linux working horses. What we get 
there? Ads, whoopla, and heap. "It's secure, it's compatible, it's 
certified or near it..." And that M$ suxxx (well it stinks anyway).

But we know how security IS implemented on distros. We know that even 
elementary security rules are deliberately ignored for the sake of 
flexibility. We know that the distros are well filled with holes and the 
kernel barely has anything to do with this. We know that many developers 
need Linux to run, fly and boost and their users barely will need UID 
rules and permissions.

Besides users will run for it, but not for the experts. They will 
install the program and believe that Flask will do everything for you. 
They will be convinced no one will sniff them. Until the first break-in...

And it then occurs that one needs to configure the security stuff, that 
one may need consultation. And one looks at the config files and falls 
in horror - "This is worse than hieroglyphs!" For an expert it may sound 
too harsh. For a simple average user that's what will happen. So he 
NEEDS to call the expert.

However the expert will not find an easy task. "Please I need those 
files... no I'm afraid I can't work, even temporarly, without that 
share... No I like, love, adore this N program and don't wanna use Z, 
please make your security compatible with N".

Well I still didn't have such a case on Linux. But I have half-ton of 
such cases from MazDie's times... And I believe that soon things will 
not get too different here. Yes we are smarter but the crowd is already 
getting inside...

Now let's see the corporate world. There is another problem with 
implementing a strong security system on the main trend of the kernel: 
bosses (not funny, try to deal with such race in rage). A boss worries 
about his company. So he doesn't put Linux as he fears its lack of 
security. But when it comes the "secure linux" he changes ideas. He gets 
burned and asks WHO IS THE DAMN (I)RESPONSIBLE FOR THIS PIECE OF 
TRASH???? If he even gets the right to be heard on the community, we 
will see that everyone will be throwing hats to each other. And that's 
natural because this thing is made by hundreds of thousands of 
developers. And a few such cases will be enough to get Linux status from 
"horrible" to "lower than dog's food". Don't forget the media will be 
point shot ready for this...

So what we get? Nothing but ashes...

So I think that security issues should be treated apart from the main 
development trend. The technical machine is in fact quite gigantic even 
for some advanced users. And we shall note, that even some of the 
present security features in Linux work very badly. You presented in the 
previous letter two examples: BSD accounting and quota. I use them and 
know how horrible they are. BSD accounting is only used for statistics 
as it frequently "forgets" to register every task launched. Quota, in a 
network of 7000 users, gets 30-40 of them with broken data. In cases 
when you have disk space on the edge, such errors nullify quota's use.

So, sincerly, I would take even that out of the main kernel development. 
And give it to a team or organised group of teams who would care only 
and exclusively for Linux security. These teams should care about 
developing a serious, congruent, and solid security architecture. But 
not only. They should also care for the fact that their security schemes 
will be accurately implemented. And besides these teams should be a 
message to users that things are not so simple and one cannot go just 
with a touch of the mouse.

Yes, there is the problem on how to fit the work of these teams with 
Linus commandos. Well, first I think Linus will only hear people who 
show solid determination and organisation. Second I think they would not 
be too worried about security but they would seriously discuss any 
problems of compatibility and modify a few details in the kernel for 
easier implementation.

That's how I see te problem. And I don't speak that this is a great 
scheme, that I'm good or that smart. I'm telling my opinion and it is an 
opinion and not a "get rich today scheme". and it is an opinion that 
comes from working with nearly 7000 DUMB linux users. And it is an 
opinion based on experience with security in a whole series of MazDies 
and *NIXes of different flavours. And it is an opinion that comes out of 
six years on using Linux for very serious purposes and fighting its 
security bugs for nearly 5 years. And there is nothing technical here 
because the problem is not in this area but in the psychology one. We 
may invent a super-upper-security scheme for Linux but if users don't 
know a damn to use it then it will be useless like my car.

And one more thing. I don't know a Hell about sinks. I only know a few 
tools and most of them come from advertising and how "easy' is to clean 
the ##### out of the sink. Yesterday, I tried EVERYTHING I could. 
However all these "super-upper" cleaning tools and instruments were 
useless. So I'm forced to call the expert after loosing a good deal of 
money and having my apartment inundated.... 

And you know what makes me mad? I go to work to get a fresh mind... Open 
the mail... AND THE FIRST THING I SEE IS SOME JERK TELLING ME I'M 
SPEAKING ABOUT SINKS???????????????????????????


> 
> 
> regards,
> 
> Rik
> 
> 


-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/
Follow-Ups:
- Re: Is this mail list dead?
  - From: Jason Murray <j.j.murray@home.com>
References:
- Re: Is this mail list dead?
  - From: Rik van Riel <riel@conectiva.com.br>
Prev by Date: Re: Is this mail list dead?
Next by Date: Re: Is this mail list dead?
Prev by thread: Re: Is this mail list dead?
Next by thread: Re: Is this mail list dead?
Index(es):
- Date
- Thread