Linux security draws heated discussion
On Friday, iSec reported a serious vulnerability in its advisory “Linux kernel uselib() privilege elevation”: local users are able to gain root privileges via the binary format loaders’ uselib() functions in Linux kernels 2.4 to 2.6.
Now Brad Spengler, of Linux Weekly News and the Linux security development project grsecurity, has launched a strong attack on the Linux Security Modules (LSM) development project.
In his LWN article “grsecurity 2.1.0 and kernel vulnerabilities” and “Why doesn’t grsecurity use LSM?”, he attacks what he sees as a narrow approach to security, and especially what he sees as the critical failure of LSM to tackle the very security issues it is designed to deal with.
This comes at a critical time, when many businesses are looking beyond Microsoft’s string of public failings on security issues to possible open source alternatives. And while open source has always suffered from a perception of being disorganised and lacking accountability from a business perspective, the threat of current and future security problems already being compiled into the kernel may yet make companies think three times before investing in an IT framework on Linux distros.
Until the row over security implementation in the Linux kernel is addressed to the satisfaction of the Linux developer community, it is hard to see how this latest development can instill business confidence in alternative options to Microsoft.