On Tue, Dec 06, 2011 at 04:03:17PM -0800, Greg KH wrote:
On 06/12/11 16:10, Brian K. White wrote:
Having a lot lot of stuff exposed and believing that it's all ok is fundamentally less secure than not exposing anything in the first place.
So, what you are really saying is that you don't trust the kernel developers to get things right?
Seriously, I've yet to see one specific example of a debugfs file that is "unsafe" in todays kernel. I understand the wish for some people to "control the exposed area", but if I take that to its logical conclusion, the same people will want the option to disable system calls that they feel no one should ever use as well?
Of course you fixed all known issues. (here are some: http://openwall.com/lists/oss-security/2011/02/22/4 http://www.openwall.com/lists/oss-security/2011/01/24/5 ) The kernel developers so far fixed the ones that appeared in good time and quality (well, except for by CVE documentation, but thats another topic). The problem with security problems is however also the time window between those 4 steps in the timeline: "Blackhats know it and exploit it" "The kernel community knows it and has fixed it" "The distributors have shipped the fix" "The admins have deployed the fix" which usually are counted in weeks if not months or years. So avoiding security bugs altogether is even better then getting them fixed fast for all including the system admins. Reducing the attack surface is one method, even if there are no known issues. That I have 504 fixed kernel security bugs in my bugtracker is perhaps one point explaining my insistence on reducing the attack surface. That 33 are open and yet to be fixed in my bugtracker is also not helping.
I still see this whole thing as basic "fear of the unknown". To solve that, make it "known". Seriously, audit the code, it's there for all to see. If you see problems with it, it will be fixed.
"principle of least privilege" is probably the better wording. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org