Linus Torvalds on SELinux - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

How would you rate the importance of default settings in security?

	Critical
	Very Important
	Important
	Useful
	Not important

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Advisory Watch: July 4th, 2008

Linux Security Week: June 30th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Linus Torvalds on SELinux

User Rating:

How can I rate this item?

Source: Kernel Trap - Posted by Ryan Berens

Continuing his outspoken nature, Torvalds reigns in on the issues between LSM and SELinux. The argument as to which method should be the foundation, is being hotly debated. "You security guys are insane..." Torvalds states. What's he judging? the value of SELinux as the framework (maybe it's good, maybe it's not) or something else?

Why are security experts the focus? It seems here, that Torvalds is focusing on the source, not the content or issue itself.

Aren't we past that?

Read this full article at Kernel Trap

Comments

Maybe it's obvious, but...

Written by Michael L on 2007-10-03 12:50:09

Linus was not defending SELinux at all, nor was he calling out security folks in general. He was reacting (in his usual subtle manner) to the implied suggestion that something other than the Linux Security Modules framework should be added to the kernel. He felt that SELinux's association with LSM was what inspired this idea and that the security-focused kernel devs tend to fall prey to the "Not Invented Here" syndrome. I think that it's a huge stretch to equate his comments with an aspersion against all security professionals, particularly given the context. Speaking of context, this post seems to be completely bereft of it, which is not very useful for forstering understanding but is quite beneficial when one attempts to frame an issue in a very narrow manner.

I'm sure that we've all read Linus' comments regarding resiserfs4, gnome, etc. As far as I know, no one took those to mean that Linus hates all filesystem or desktop developers and industry insiders.

Interesting but I'm not sure I agree

Written by Ryan b. on 2007-10-03 14:37:04

"(in his usual subtle manner)"

This is problematic. By nature, you are viewing his comments with this context - the assumption of disposition - determining his position based on your view of all his previous statements.
This context is not always given.

My point is that I would have liked to see his comments devoid of this completely. In reality, Linus is a spokesman as much as he is a developer. His words (and opinions, views) carry weight most of ours do not have. This puts him in a position where he can drive an issue without always having to cover every aspect (even if it has/has not been beaten dead). In other words, he took the lazy way out.

Do I think he was disrespecting the security field? No.

Do I think he used a percieved disposition (insane security) to help market his point? Absolutely. The main issue, is I would have liked to see him do it without resorting to this.

That's the point. Whether I can assume the context you already "know" is irrelevant. I'm taking him at face value based on what results from what he said.

Linus, role-models and geek cannabilism

Written by Michael L. on 2007-10-03 21:29:28

Without a doubt, Linus is a spokesman for Linux. However, expecting him to censor himself in a venue such as the LKML (where he truly is the BDFL) elevates him to the position of a role-model. a burden that he did not seek and that he definitely does not deserve. Unlike many FLOSS advocates, Linus is not looking to conquer the world. He is continuing his development of Linux for the same reason that he started it: to create something technically great and to share it with others. St. Ignatius (Stallman) he ain't, but he never claimed to be a holy man.

Let's be clear here....I'm not a Linus fanboy. I frequently cringe at his harsh responses on mailing lists (most often on the LKML) and I wouldn't handle things in the same way. However, my sensibilities are not his concern when he is posting to a list dedicated to the software that is the center of his efforts (for another example, see Theo De Raadt's posts to OpenBSD lists). Is this the right way to handle things? I would say no, but my opinions are particularly irrelevant when applied to a specialized, somewhat cloistered and closed venue that exists for a single purpose....further the technical growth of Linux as determined by the core developers. My own wishes for a more charismatic spokesman are simply beside the point. My friends who use Gnome for their desktop environment (a target of Linus' vitriole) understand that the man does not exist to further our own ideas about what he should be. Rather, he is most important playing the role that we know him for: making Linux the best OS that it can be. Is he an a**hole at times? Yes, but I am more concerned about the technical merit of what he produces. Those looking for nuance and balance should look elsewhere than the Linux Kernel Mailing List. Kernel security may have been the topic du jour, but "marketing" is not a subject that Linus has to concern himself with on that mailing list. Others must market their ideas to him, but the reverse is simply not true.

Had he not used the word "security" in an overly general way I doubt that any mention of this episode would have made it to this (excellent) site. By your own admission, you accept that he was not attempting to smear security professionals in general. So where's the crime? At the least, when addressing such issues please provide some context to and try not to isolate the most inflammatory elements, potentially furthering misunderstanding in your readers. In my quite humble opinion, one should not decry unfairness and simultaneously show only a miniscule snippet of the truth.

Written by Lee on 2007-10-04 04:01:38

Everyone has to censor themselves. It's called being an adult.

speaking of nuance...

Written by Michael L. on 2007-10-04 12:33:13

>Everyone has to censor themselves. It's called being an adult.

So your patterns of communication don't change based on the recipients of said communiction? Interesting. I think I'll remain "childlike," though, as I have no desire to speak to my wife in the same pain-staking manner as I do the top executive at my place of employment.

lost in transation

Written by fak3r on 2007-10-08 12:02:30

Linus is giving his opinion again, and in the long run that's a good thing. What I think is lost here is the varying success of projects like LSM, SELinux and grsecurity. From a user's standpoint I hardly think they'll be able to tell the difference, but as a sysadmin, which way should they look to secure t heir system? Use one of the above examples, or just install a minimal Debian box with sane/defaults for security, while keeping things up to date? Really, how much should we worry about kernelland security, instead of focusing on the gateways of the trouble, and armor the apps/services instead?

Write Comment
Please keep the topic of messages relevant to the subject of the article. Personal verbal attacks will be deleted. Please don't use comments to plug your web site.. Such material will be removed.
Name:
Title:
Comment:
Code:*

< Prev		Next >

Partner:

Latest Features

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Meet the Anti-Nmap: PSAD

Open Source Tool of February: Nmap!

HowTo: Secure your Ubuntu Apache Web Server

Yesterday's Edition

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital