Linux News Today: Linus Torvalds: Security in Itself Is Useless, Upside Is Always Somewhere Else
Linus Torvalds has always had strong opinions about hardening the Linux kernel from a security point of view and has opposed some of the drastic changes proposed. In a recent interview, he explained why, in the end, kernel vulnerabilities are not as bad as people make them out to be.
When a new Linux kernel vulnerability is found, it’s quickly patched, but that also means that there are numerous other problems out there that haven’t been identified just yet. When you have a piece of code that has been in development for more than two decades, that tends to happen.
Hardening the Linux kernel should be one of the kernel developers’ top priorities, or so we might think, as outsiders. The truth is that from inside the project things are seen a lot differently.
During a lengthy interview with the Washington Post, he explained why the security of the kernel must be a compromise against other factors like speed, efficiency, and so on. It’s not as simple as the security people are making it out to be.
Security is not a kernel-exclusive job
One of the things that stood out from the interview with the Washington Post is something that properly explains the rift between his view and that of the developers who are pushing for increased security.
“The people who care most about this stuff are completely crazy. They are very black and white. Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about,” said Linus.
This is indicative of two major points. First of all, you can never rely just on the Linux kernel for your security, and there should always be other layers that prevent vulnerabilities from being exploited. Secondly, no matter how you patch and improve the Linux kernel, you might never see the upside, and there will always be another way in.
Security will remain one of the most important topics of debate inside the Linux kernel community, but it’s not clear if things will move in either direction. We can only hope that Linus’ perspective from inside the kernel is much better than the one from outside it.