Dailydave mailing list archives
Re: Brad gets real!
From: Shawn Webb via Dailydave <dailydave () lists aitelfoundation org>
Date: Mon, 6 Jul 2020 15:06:19 -0400
On Mon, Jul 06, 2020 at 11:37:13AM -0700, Dave Aitel via Dailydave wrote:
> https://www.youtube.com/watch?v=F_Kza6fdkSU
>
> So I wanted to highlight this talk from Brad Spengler about the state of Linux security. It's a damning report if you read even a little bit between the lines. And on many levels. As Halvar points out, Android deliberately avoided investing what they knew they needed to invest in platform security in the effort to gather significant early market share, even knowing it would harm their user base in a multitude of ways. And this kind of philosophical trade-off taken by companies filters into the Linux security ecosystem, creating Ogres of various sorts, like Calamity Ganon's corruption of various parts of Hyrule. For example, phones often run on an older Linux kernel, which means there is economic incentive to backport features and security fixes to those kernels, or pretend you can. Likewise, much of the effort of the Linux security community is focused on KASLR, which Brad points out is largely a waste of time. He also talks about syzkaller, automated exploit generation, and a host of other things. Well worth a listen!
It's also hard to innovate without a userland that is tightly integrated with the kernel (like the BSDs). On the BSD side, we're able to ship an entire ecosystem with exploit mitigations applied because a basic userland is shipped and integrated with the kernel. The way in which the BSDs are structured enables innovation across the entire ecosystem. We at HardenedBSD are able to test and deploy exploit mitigations across the base operating system in addition to 33,000+ packages. In addition to Brad's observations, I opine that the fragmentation of Linux has provided a net decrease in security posture.

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc