Announcement

**i386reaper** · 16 May 2013, 06:26 AM

Originally posted by Ibidem View Post

Just updated to 3.8.12.
And...it's interesting that Red Hat backported the bug...

That's just a rare case that gets fixed quickly. Take a look at FreeBSD. They backport bugs on a regular basics.

**i386reaper** · 16 May 2013, 06:35 AM

Originally posted by TheOne View Post

It seems that the increasing linux popularity is bringing many of the risks which Windows suffer.

That cannot happen. Linux is open source and there for billions of people are checking the code and fixing bugs of any type so quickly that a new virus would is unable to cause wide spread infection before the security hole is closed.

In windows, it's closed source so no one but windows developers (who are brainwashed to think that windows is a god and is prefect and therefore has no bugs) can look at the code. So security bugs are rarely fixed. Also, M$ intentionality puts backdoors and bugs for it's agents, NSA and the FBI to hack into it which could be used by viruses as well.

Here's the news report about it:
http://www.youtube.com/watch?v=zADNlKZBqnA

**i386reaper** · 16 May 2013, 06:45 AM

Originally posted by Sergio View Post

These kind of things... History has taugh us again and again that software is inherently buggy (insecure?); it is simply to many 'variables' that it is virtually imposible to escape this reality. It doesn't matter how much effort is put on design, it doesn't matter whether it is Linux, Windows, Solaris, BSD, MINIX, Plan 9, AIX, MULTICS, it doesn't matter if it is 'direct' or managed code...
I think that shifting away from this (apparently) natural issue about software in general requires something radical and essentially new. I hope to be able to see such thing materialize.

It does matter if it is BSD or Minix. Because Linux and even Windows(a little) use modern security measures.

While Minix and especially BSD use security measures that are only effective years ago. take for example (Wide)OpenBSD. It implements security features that were first implemented in Linux 10 years before (Wide)OpenBSD did.

**i386reaper** · 16 May 2013, 06:48 AM

Originally posted by brosis View Post

Yes, like having package manager and being opensource,

Too dispel some myths, BSD has

**varikonniemi** · 16 May 2013, 07:01 AM

The only way to make things like this disappear is to put together a bounty big enough that most crackers will start working for Linux, rather than against it. It should always be more profitable to present a 0-day to the Linux foundation than it is to sell it to criminals.

**gamerk2** · 16 May 2013, 07:49 AM

Originally posted by i386reaper View Post

That cannot happen. Linux is open source and there for billions of people are checking the code and fixing bugs of any type so quickly that a new virus would is unable to cause wide spread infection before the security hole is closed.

Only if its FOUND.

Secondly, Billions of people are not looking at the source code; maybe a few hundred thousand, most focused only on a small part of the kernel they know well. Then theres only a few that actually have an understanding of security and could point out such a hole if they were looking right at it.

I mean, sheesh, HOW long was this hole open for? A few years? Even Oracle closes holes faster then that...

**Ericg** · 16 May 2013, 07:56 AM

Originally posted by gamerk2 View Post

I mean, sheesh, HOW long was this hole open for? A few years? Even Oracle closes holes faster then that...

2years, January of 2011 to April of 2013. Also you can't write it off as "oracle does it faster" because Oracle will KNOW about a hole for 2yrs, then patch it. This bug was IN for 2years, found, and then patched in like a day.

**Sergio** · 16 May 2013, 09:35 AM

Originally posted by i386reaper View Post

It does matter if it is BSD or Minix. Because Linux and even Windows(a little) use modern security measures.

While Minix and especially BSD use security measures that are only effective years ago. take for example (Wide)OpenBSD. It implements security features that were first implemented in Linux 10 years before (Wide)OpenBSD did.

Sure, kraftman.

**mrugiero** · 16 May 2013, 09:43 AM

Originally posted by Sergio View Post

I see that it implements the non-executable bit at the page level; it emulates the functionality if the hardware doesn't support it. The feature SEGMEXEC looks interesting. It also offers ASLR and other things. Overall very interesting. Yet, I found this: "March 4, 2005: VMA Mirroring vulnerability announced, new versions of PaX and grsecurity released, all prior versions utilizing SEGMEXEC and RANDEXEC have a privilege escalation vulnerability".

When I said that something radical was needed, I was thinking more on a complete shift in the way we create computer programs (just to put an example, functional instead of imperative systems programming).

That shift can't be done in the software side, for the cases discussed. It will always reduce to assembly-like logic at the hardware level, and it works in an imperative way. So, the shift must be done at hardware level to be of any use on the OS security side. It can help at the userland security level, as any highest level can, since the more you abstract, the less risky code to be revisited (you must only keep the lowest levels checked, since the highest levels' security depends only on the libraries security).

And well, anything I can say about security was already said by EmbraceUnity.

**i386reaper** · 16 May 2013, 10:21 AM

Originally posted by i386reaper View Post

Too dispel some myths, BSD has

Sorry, there was a typo. I meant to say BSD has none of those.

Announcement

New Linux Kernel Vulnerability Exploited

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment