Published in News

Torvalds rants about security

by on21 November 2017

It is not about security it is about bugs

Internet’s Mr Sweary, Linus Torvalds, has waded into the security industry for forgetting that bugs cause most problems.

What set Torvalds off was a security developer who came up with a bit of code which killed off processes if something went wrong. The move is part of a “hardening project” of which Torvalds is no fan.

Ranting on the Linux developers forum, Torvalds said that it was unacceptable that security people thought they could set magical new rules, and then make the kernel panic when those new rules were violated.

“That is pure and utter bullshit. We've had more than a quarter century without these rules, you don't then suddenly waltz in and say 'oh, everybody must do this, and if you haven't, we will kill the kernel'".

Security people need to repeat a mantra "security problems are just bugs" and internalise the concept instead of mocking it.

The important part about "just bugs" is that you need to understand that the patches you then introduce for things like hardening are primarly for DEBUGGING, he said.

“I'm not at all interested in killing processes. The only process I'm interested in is the _development_ process, where we find bugs and fix them”, he spat.

“As long as you see your hardening efforts primarily as a "let me kill the machine/process on bad behaviour", I will stop taking those shit patches. I'm deadly serious about this.

“Some security people have scoffed at me when I say that security problems are primarily "just bugs". Those security people are f*cking morons… If you don't see your job as "debugging first", I'm simply not interested.”

Torvalds said that the hardening project needs to really take a good look at itself in the mirror as its primary focus right now seems to be "let's kill things for bugs".

“Stop this idiotic "kill on sight, ask questions later", he wailed.


Last modified on 21 November 2017
Rate this item
(0 votes)

Read more about: