pathfinder l33t
Joined: 19 Jan 2006 Posts: 731 Location: Barcelona, Spain
|
Posted: Fri Feb 22, 2008 4:46 pm Post subject: should we worry? |
|
|
Hi guys, this question is probably stupid, but since a flaw has been found in the kernel, I've been thinking of a lot of things related to open source software.
And these posts must be isolated and hardware related, but I wanted to mention them:
https://forums.gentoo.org/viewtopic-t-665156-highlight-.html
https://forums.gentoo.org/viewtopic-t-665573-highlight-.html
https://forums.gentoo.org/viewtopic-t-665669-highlight-.html
https://forums.gentoo.org/viewtopic-t-665609-highlight-.html
https://forums.gentoo.org/viewtopic-t-665672-highlight-.html
Now, my question: how many users really have a look at the open code? I mean, how many users would be able to check if there's some hidden or subtle security breach?
Would it be possible to drop in many progs some security flaws, then, sleeping killers, and when open source becomes the reference in terms of OS distribution in the world, would it be then feasible to wake up those security flaws and create a HUGE mess?
I know I'm paranoid, and it sounds really freaky. But what if that kernel mistake were intentionally done? This one and others, ready to operate, at some time or another?
Is there a hard security organism that checks every single line of code? Or is this totally impossible?
How many users never ever looked at a code? How many would be able to find a security flaw?...
Enjoy your WE. |
|
|
|
Urban Cowboy n00b
Joined: 09 Oct 2007 Posts: 64
|
Posted: Fri Feb 22, 2008 5:34 pm Post subject: |
|
|
I don't think so. When flaws are discovered, they are reported and subsequently patched.
But yeah.. https://forums.gentoo.org/viewtopic-t-665573-highlight-.html is particularly f'd up. _________________ Anything worth doing is worth over-doing. Moderation is for cowards.
Last edited by Urban Cowboy on Fri Feb 22, 2008 5:37 pm; edited 1 time in total |
|
|
|
i92guboj Bodhisattva
Joined: 30 Nov 2004 Posts: 10315 Location: Córdoba (Spain)
|
Posted: Fri Feb 22, 2008 5:36 pm Post subject: Re: should we worry? |
|
|
Quote: |
Hi guys, this question is probably stupid, but since a flaw has been found in the kernel, I've been thinking of a lot of things related to open source software.
|
I would not say "stupid", but it is certainly based on smoke. Vulnerabilities are discovered every day in the kernel and in many other pieces of software, just use glsa-check. This latest one is not different in any regard. I don't know why people are so worried about it. The difference is that here they are discovered and fixed, while on some other OSes they are not, and that's why you don't see it (or maybe it is just because these other OSes are perfect, who knows?).
pathfinder wrote: |
Now, my question: how many users really have a look at the open code? I mean, how many users would be able to check if there's some hidden or subtle security breach? |
Probably, every big enterprise using linux on their servers. There are a lot of enterprises that make security audits for the kernels and servers that they use. And there are quite a lot, don't forget apache, php, mysql, sendmail and many others. Particulars also do to some extent. In addition, there are literally hundreds of kernel hackers acting on their own, revising the code, and making custom patchsets: all of these read, change and understand the linux kernel code. By the way: the linux kernel devs are not gods nor separate entities. You can become one if you wish with enough dedication, and the whole process is open, and the kernel lists have an amazing amount of traffic. If you subscribe to them you will see what I mean, and you will see how ridiculous your theory is. I used to get around 300-500 mails a day on that list, and sometimes even more. So: no, you can never be 100%. But with a closed source OS you are actually 0% sure, because you can't look at the code at all.
So, I can't get your point at all. Even if the security is not 100%, it is far far more than you can get with any closed source product. So, what are you asking about?
Quote: | Would it be possible to drop in many progs some security flaws, then, sleeping killers, and when open source becomes the reference in terms of OS distribution in the world, would it be then feasible to wake up those security flaws and create a HUGE mess?
|
Theoretically, and technically, it is also possible that someone called Darth Vader comes one day on a space ship with a light saber to visit us. Possibly... but I'd say it's highly improbable... well, maybe not for the light saber part. It's much more probable that such a threat is hidden in a closed source system that is much much much more extended world-wide, can you see the logic?
Quote: | I know I'm paranoid, and it sounds really freaky. But what if that kernel mistake were intentionally done? This one and others, ready to operate, at some time or another?
|
This is the well-known argument in the philosophy of the last centuries. What if we are just the product of someone else's imagination? (Read "Sophia's world" from Jostein Gaarder or whatever it's called in English, just as an example). Well, if that's the case, there's no place for safety in this whole world, and as such, you shouldn't worry either, because we are already damned.
Quote: | Is there a hard security organism that checks every single line of code? Or is this totally impossible?
How many users never ever looked at a code? How many would be able to find a security flaw?...
|
By this same logic, there would be a need for another organism to control the control organism. That logic is flawed. It is precisely the fact that the security audits are not centralized, which guarantees that no one (unless s/he has god-like powers) can control it to his/her will.
I would just go on holidays and use windows for a while, then you will come back a lot more relaxed
EDIT. Take the whole post with a grain of salt. I wrote it in a semi-humoristic fashion |
|
|
|
kernelOfTruth Watchman
Joined: 20 Dec 2005 Posts: 6111 Location: Vienna, Austria; Germany; hello world :)
|
|
|
|
Sven Vermeulen Retired Dev
Joined: 29 Aug 2002 Posts: 1345 Location: Mechelen, Belgium
|
Posted: Fri Feb 22, 2008 9:15 pm Post subject: Re: should we worry? |
|
|
pathfinder wrote: |
Would it be possible to drop in many progs some security flaws, then, sleeping killers, and when open source becomes the reference in terms of OS distribution in the world, would it be then feasible to wake up those security flaws and create a HUGE mess?
|
I don't see why this is open source related. The same can be said of closed-source software, and it'll be much harder to find out. _________________ Please add "[solved]" to the initial topic title when it is solved. |
|
|
|
NathanZachary Moderator
Joined: 30 Jan 2007 Posts: 2598
|
Posted: Fri Feb 22, 2008 10:57 pm Post subject: |
|
|
As already mentioned, it is possible that ANY program can have data miners, callbacks, and other threats to security coded into them. However, it will be much more noticeable in open source software than in closed-source. _________________ “Truth, like infinity, is to be forever approached but never reached.” --Jean Ayres (1972)
---avatar cropped from =AimanStudio--- |
|
|
|
pathfinder l33t
Joined: 19 Jan 2006 Posts: 731 Location: Barcelona, Spain
|
Posted: Sun Feb 24, 2008 2:08 pm Post subject: |
|
|
ok guys ok
wowowowowowow it's ok, it was stupid. No need to crucify me, I just asked... You answered. It's ok. I'm really happy for your answers, but ok, sorry if I annoyed anyone. I'll ask dark vador to come and kill me before anyone else
you know, i felt stupid asking, i thanked the Chat thing for the posting... otherwise I would have never asked such a thing. But now, you know, I feel EVEN MORE Stupid than before. Fresh air. Wow. I'll go out for a while in my spaceship and try to find a place where no one remembers me
|
|
|
|
NathanZachary Moderator
Joined: 30 Jan 2007 Posts: 2598
|
Posted: Sun Feb 24, 2008 6:20 pm Post subject: |
|
|
pathfinder wrote: | ok guys ok
wowowowowowow it's ok, it was stupid. No need to crucify me, I just asked... You answered. It's ok. I'm really happy for your answers, but ok, sorry if I annoyed anyone. I'll ask dark vador to come and kill me before anyone else
you know, i felt stupid asking, i thanked the Chat thing for the posting... otherwise I would have never asked such a thing. But now, you know, I feel EVEN MORE Stupid than before. Fresh air. Wow. I'll go out for a while in my spaceship and try to find a place where no one remembers me
|
I wasn't trying to make you feel stupid at all. I'm sorry if it came off that way; it wasn't a stupid question. _________________ “Truth, like infinity, is to be forever approached but never reached.” --Jean Ayres (1972)
---avatar cropped from =AimanStudio--- |
|
|
|
Voltago Advocate
Joined: 02 Sep 2003 Posts: 2593 Location: userland
|
Posted: Sun Feb 24, 2008 6:51 pm Post subject: Re: should we worry? |
|
|
Sven Vermeulen wrote: | I don't see why this is open source related. The same can be said of closed-source software, and it'll be much harder to find out. |
I completely agree. From the consumer perspective, the only thing that is better for closed source software when some big screw-up happens is that you've got a support hotline number where you can call and scream your head off for $0.99/minute.
So the bottom line here is IMO: Yes, we should worry. But so should everybody else...
Last edited by Voltago on Sun Feb 24, 2008 11:43 pm; edited 1 time in total |
|
|
|
jcat Veteran
Joined: 26 May 2006 Posts: 1337
|
Posted: Sun Feb 24, 2008 10:09 pm Post subject: |
|
|
Sounds like all the issues referenced in the top post are hardware issues and one possible security breach of some kind (yet to be determined).
It seems clear to me that even the most "secure" and trustworthy OS can be insecure or broken in the wrong hands (unless you're just unlucky and discover a bug or security hole). *NIX is inherently more secure than Windows, even if only because the vast majority of viruses and Root Kits are written for windows! That's where most of the "hackers" market is.
Cheers,
jcat |
|