A long-simmering debate among top Linux developers has boiled over recently, resulting in a flame war of sorts on a kernel forum.
Linux creator Linus Torvalds and kernel developers working to harden Linux systems with security modules have been exchanging heated words over a security application slated for the upcoming 2.6.24 kernel release.
A fiery Torvalds resorted to all-caps to let his anger hang out in an exchange of messages posted on the Linux-centric community site KernelTrap on Monday.
The flap started with Andrew Morton, considered second to Torvalds in the Linux developer hierarchy, telling developers that Smack (Simplified Mandatory Access Control Kernel) should go into the upcoming kernel.
Smack uses Linux Security Modules (LSM). Opponents fear LSM can open the gates to system attacks.
“If LSM remains, security will never be a first class citizen of the kernel,” said Linux developer James Morris, according to the KernelTrap posting.
Torvalds’ irate reaction — complete with shouting and name-calling — got the attention of those outside the inner sanctum, but really this was just another day in the life of the Linux kernel community.
“When your development community is completely open, everything is out there for the world to see, including your disagreements. This is just another disagreement on the Linux kernel, and it’s more calm than many of them,” Jonathan Corbet, author of Linux Device Drivers and a member of the invitation-only kernel summit program committee, told LinuxInsider.
The Security Debate
Morris had argued that if LSM remains, “we’ll miss the potential of Linux having a coherent, semantically strong security architecture,” according to the messages posted on KernelTrap.
Morris had recommended Security Enhanced Linux (SELinux) as the sole Linux security framework, and warned that “merging Smack would lock the kernel into the LSM API (application programming interface).” Therein lies the debate.
“Developers working on SELinux, the most prominent approach in use today, feel that all development effort should be focused on a single solution,” Corbet explained. “Others feel that security needs vary widely and that there will never be a single solution which works for everybody; as a result, Linux must continue to support multiple approaches to security,” he said.
A multiple approach will most likely prevail, he said.
“Linus has been very clear that the LSM capability will remain,” Corbet stated. “There is nowhere near the sort of consensus that would be required to change his mind on this subject.”
LSM has been criticized as allowing proprietary software to “hook in” to the kernel and cause problems that developers can’t resolve without access to the source code.
“There are other ways to address those problems, including a patch, due to be merged in 2.6.24, which will take away the ‘modular’ part of LSM,” Corbet said Tuesday.
Government and corporate users shouldn’t lose confidence in Linux simply because a few people raised their voices, Corbet said. This type of open debate is what made Linux possible in the first place.
“As long as Linux developers continue to be outspoken and insistent on creating the highest-quality system they can, there is no reason for anybody to suffer from a lack of confidence,” he concluded.