[Cryptography] Use Linux for its security

Theodore Ts'o tytso at mit.edu
Fri Sep 30 17:04:58 EDT 2016


On Fri, Sep 30, 2016 at 09:30:50AM -0400, J.M. Porup wrote:
> The problem is political, not technical.
> 
> The solutions you outline are difficult but technically achievable.
> That is clear. The real problem is the current governance structure
> of Linux.
> 
> No one could reasonably accuse Linus Torvalds of poor stewardship, and
> certainly not of a lack of good intentions. But the benevolent
> dictatorship model is creaking under the strain.

It's a lot bigger than just political.  After all, if someone wants an
operating system that prioritizes security above all else, there are
plenty of other alternatives.  OpenBSD for example.  Or Brad
Spengler's patch set.

The fact that many people have chosen Linux is for a very wide
variety of reasons, but many of these people care about many things
beyond Security, and might not be happy if we (for example) traded
away a factor of ten of performance in the name of security.  Or if we
broke backwards compatibility with Unix/POSIX programs in the name of
security.

Linux and the other kernel maintainers are stewards for all
stakeholders who care and who use Linux, and that means we won't take
hacks to satisfy just one narrow special interest, whether that is
support for large enterprise databases, or mobile handsets.  That
means that we ask people proposing patches to go back and make it
better and more general, so it can support a wide variety of use
cases, or doesn't compromise scalability, or performance, etc.  Brad
Spengler wasn't willing to make those changes, and so his changes
didn't go in.

The difference with the current kernel-hardening effort is that
they are willing to see if there are ways to provide the security but
with a much smaller impact (whether that be performance, or not
breaking compatibility, etc.).  They are also willing to break the
work up into small chunks, and to approach the problem as one of
continuous, incremental improvement.  And so the various security
features *have* been entering into the mainline Linux kernel over the
past year.

But hey, if you think you can do better, the whole *point* of Open
Source is that you are always free to fork the kernel, and make your
own version of Linux.  But then it's up to you to convince other
people to contribute to your fork, and to convince users, companies,
etc., to use your fork.  Or you can try to get everyone to use
OpenBSD.  Or Minix3.  And you may find that not everyone shares your
"Security uber alles" philosophy.

Regards,

						- Ted

