Editor's Note: Action, not Reaction
Why the Open Source Model is Superior
I don't wish to sound too much like someone pontificating from the mount, but there's a serious problem in the Linux world that every Linux user on the Internet must address.
To wit: last week the sendmail.org team discovered a serious bug in the Linux kernel that existed in all kernels up to version 2.2.15. The flaw occurs via the setuid command, affecting programs that drop setuid state and rely on losing saved setuid. In fact, according to Linux kernel developer Alan Cox, it affected programs that merely checked the setuid call.
Now, before you hyperventilate, there is a simple way to address this issue: update your Linux kernel to 2.2.16 or better, or update your sendmail version to 8.10.2. It's as simple as that. If you're a little nervous about upgrading kernels, don't be; your distribution's Web site or documentation should have crystal-clear instructions on how to create a new kernel; it's just not that difficult. Similarly, you can keep your current sendmail configuration while installing the newer sendmail. Anyone who has installed Linux in the past six months is probably using a newer kernel anyway, but for those of us who are using older kernels, this security problem should force us to sit up and make some changes to our systems.
How the Linux community responded to this bug is illustrative of how the Open Source model is superior to the proprietary method of developing--or, rather, protecting--software. The bug was discovered by the Wojciech Purczynski, who posted information about it to the influential BugTraq Web site; it wasn't discovered after someone's important Linux site was hacked via this method. Using this information, Alan Cox patched the kernel and the sendmail team released a new version. (In other words, the Linux community was proactive, rather than reactive.) After the bug was verified, word was sent out via the Linux online community; I suspect that most of you have already seen something about this on Linux Today or Linux.com.
Compare this to what happens when there's a security problem with Windows. Microsoft usually tries its best to deny that there's a security problem or attempts to shift the blame onto someone else. The anti-virus vendors then circle like vultures, attempting to prey on people's fears by overstating the extent of any potential problems. Between the denial of Microsoft and the shilling by the software vendors, it's sometimes hard for the average user to see where the truth lies.
There's no such thing as perfect software, and as we rely more and more on the Internet more and more issues like this will pop up. The solution isn't to have unrealistic expectations of our operating systems, but rather to judge them based on how their vendors react to potential security risks. In the case of Linux, the issue was dealt with honestly and immediately, and compare that to how Microsoft deals with the typical Windows flaw.
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.
- 1Linux Top 3: CoreOS, Oracle Enterprise Linux 7 and Ubuntu 14.10
- 2Linux Top 3: Raspberry Pi B+, CentOS 7 and RHEL 5.11
- 3Linux Top 3: CoreOS Goes Stable, Oracle Clones RHEL 7 and Tails Updates
- 4Linux Top 3: Slackware Turns 21, Debian Squeezes and Linux 3.16 Nears
- 5Linux Top 3: Distrowatch, Deepin 2014 and the NSA