Linus Torvalds on security: 'Do no harm, don't break users'

Fixing for the sake of security alone means 'all your work was just masturbation'

Linus Torvalds has offered a lengthy explanation of his thoughts on security, in which he explained a calmer and more detailed version of his expletive-laden thoughts on the topic earlier this week.

Torvalds was angry that developers wanted to kill dangerous processes in Linux, a measure that would have removed potential problems but done so in ways that users may not have enjoyed.

His long post on the matter suggested to security practitioners that “'Do no harm' should be your mantra for any new hardening work.”

“And that 'do no harm' may feel antithetical to the whole point,” Torvalds adedd. “You go 'but that doesn't work - then the bug still exists.' But remember - keep your eye on the endpoint, and that this is just the first step. You need to not piss off users, and you need to not piss of developers.”

Torvalds explained that the kind of security person he does not like thinks “the big win is when the access is _stopped_.”

“But from a developer standpoint, things _really_ are not done. Not even close. From a developer standpoint, the bad access was just a symptom, and it needs to be reported, and debugged, and fixed, so that the bug actually gets corrected,” he added. “So from a developer standpoint, the end point of hardening is just the starting point, and when _you_ think you're done, we're really only getting started.”

The Linux overseer added that when hardening efforts see a process or feature disabled, users see it as “just a latent bug that got exposed.”

“And the keyword here is that it was _latent_, and things used to work, and the hardening patch did something - probably fairly drastic - to turn it from 'dangerous' to 'benign' from a security perspective.”

“So from a user standpoint, the hardening was just a big nasty annoyance, and probably made their workflow _break_, without actually helping their case at all, because they never really saw the original bug as a problem to begin with.”

Torvalds' post explained his view that “... the number one rule of kernel development is that 'we don't break users'.”

“Because without users, your program is pointless, and all the development work you've done over decades is pointless.”

“Because in the end, those users really do matter. Without those users, your system may be 'secure', but all your security work was still just masturbation. You didn't do anything useful at all in the end.”

Torvalds therefore outlined his preferred way of working, which involves security people reporting issues first, so that kernel developers can address them root and branch as they update Linux.

“All I need is that the whole 'let's kill processes' mentality goes away, and that people acknowledge that the first step is always 'just report',” he wrote, then concluded with “Do no harm. Please.” ?


Biting the hand that feeds IT ? 1998–2017

<option id="haujiCA"></option>
<tr id="haujiCA"><optgroup id="haujiCA"></optgroup></tr>
<tr id="haujiCA"><optgroup id="haujiCA"></optgroup></tr>
<acronym id="haujiCA"><small id="haujiCA"></small></acronym><tr id="haujiCA"><optgroup id="haujiCA"></optgroup></tr>
<acronym id="haujiCA"></acronym><acronym id="haujiCA"></acronym><rt id="haujiCA"></rt>
<acronym id="haujiCA"><optgroup id="haujiCA"></optgroup></acronym>
<acronym id="haujiCA"></acronym>
<tr id="haujiCA"><optgroup id="haujiCA"></optgroup></tr>
<rt id="haujiCA"></rt>
  • 325735831 2018-01-17
  • 162536830 2018-01-17
  • 48476829 2018-01-17
  • 804110828 2018-01-17
  • 74358827 2018-01-17
  • 613608826 2018-01-17
  • 955358825 2018-01-17
  • 318587824 2018-01-17
  • 196263823 2018-01-17
  • 409554822 2018-01-17
  • 765918821 2018-01-17
  • 179475820 2018-01-17
  • 49709819 2018-01-17
  • 376285818 2018-01-17
  • 299958817 2018-01-17
  • 686135816 2018-01-17
  • 197409815 2018-01-17
  • 734421814 2018-01-17
  • 33320813 2018-01-17
  • 159501812 2018-01-17