There’s no such thing as perfect security. There are no programs that give you absolute software security. After all, security is a process, not a product. Linux’s security process, though, is outstanding, which is one reason why it has great security. Here’s an example.
On July 16th, a security programmer named Brad Spengler, who designs an open-source network and server security program called grsecurity revealed on the full disclosures security mailing list that there was a security hole in the 2.6.30 Linux kernel.
The short version of this vulnerability, according to the SANS Internet Storm Center goes like this: “The vulnerable code is located in the net/tun implementation. Basically, what happens here is that the developer initialized a variable to a certain value that can be NULL. The developer correctly checked the value of this new variable couple of lines later and, if it is 0 (NULL), he just returns back an error. ”
1 response so far ↓
1 A Linux security story « Practical Technology | Linux Affinity // Jul 31, 2009 at 2:34 pm
[...] here to read the rest: A Linux security story « Practical Technology Posted in: Security, [...]