Date: Wed, 26 Jan 2005 08:09:33 -0800 (PST)
From: Linus Torvalds
To: Jesse Pollard
cc: linux-os, John Richard Moser, dtor_core@ameritech.net, Bill Davidsen, Valdis.Kletnieks@vt.edu, Arjan van de Ven, Ingo Molnar, Christoph Hellwig, Dave Jones, Andrew Morton, marcelo.tosatti@cyclades.com, Greg KH, chrisw@osdl.org, Alan Cox, Kernel Mailing List
Subject: Re: thoughts on kernel security issues
In-Reply-To: <05012609151500.16556@tabby>
References: <1106157152.6310.171.camel@laptopd505.fenrus.org> <41F6A45D.1000804@comcast.net> <05012609151500.16556@tabby>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 26 Jan 2005, Jesse Pollard wrote:
>
> And covering the possible unknown errors is a good way to add protection.

I heartily agree. The more we can do to make the inevitable bugs be less
likely to be security problems, the better off we are.

Most of that ends up being design - trying to avoid design decisions that
just drive every bug to be an inevitable security problem.

The biggest part of that is having nice interfaces. If you have good
interfaces, bugs are less likely to be problematic. For example, the
"seq_file" interfaces for /proc were written to clean up a lot of common
mistakes, so that the actual low-level code would be much simpler and not
have to worry about things like buffer sizes and page boundaries.

I don't know/remember if it actually fixed any security issues, but I'm
confident it made them less likely, just by making it _easier_ to write
code that doesn't have silly bounds problems.

		Linus
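
The interface idea described in the message above, as an added example that is not part of the original message and is not kernel code: a userspace C model in which the append helper alone tracks the remaining room and the core loop retries with a larger buffer on overflow, so the per-file "show" code never handles a size or an offset. The names sbuf, sbuf_printf, render and show_counters are hypothetical.

```c
/* Userspace model of a seq_file-style output buffer; NOT kernel code.
 * All names (sbuf, sbuf_printf, render, show_counters) are hypothetical. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

struct sbuf { char *buf; size_t size, count; };

/* Append formatted text; if it does not fit, mark overflow (count == size)
 * instead of writing past the end. */
void sbuf_printf(struct sbuf *s, const char *fmt, ...)
{
    size_t room = s->size - s->count;
    va_list ap;
    if (room == 0)
        return;                       /* already overflowed */
    va_start(ap, fmt);
    int n = vsnprintf(s->buf + s->count, room, fmt, ap);
    va_end(ap);
    if (n < 0)
        s->buf[s->count] = '\0';      /* format error: append nothing */
    else
        s->count = (size_t)n < room ? s->count + (size_t)n : s->size;
}

/* Run show(); on overflow discard the output, double the buffer and retry.
 * Returns a malloc'd NUL-terminated string, or NULL if malloc fails. */
char *render(void (*show)(struct sbuf *, void *), void *data, size_t size)
{
    struct sbuf s = { NULL, size ? size : 1, 0 };
    for (;; s.size *= 2) {
        if (!(s.buf = malloc(s.size)))
            return NULL;
        s.buf[0] = '\0';
        s.count = 0;
        show(&s, data);
        if (s.count < s.size)
            return s.buf;             /* everything fit */
        free(s.buf);
    }
}

/* The "low-level code": no sizes, offsets or page boundaries to get wrong. */
void show_counters(struct sbuf *s, void *data)
{
    for (int i = 0; i < 4; i++)
        sbuf_printf(s, "counter%d: %d\n", i, ((const int *)data)[i]);
}
```

Calling render(show_counters, v, 8) on a four-element int array starts with a deliberately small 8-byte buffer, so the retry path runs several times before the full text is returned.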