On 08/11/2017 07:08, Dale wrote: > Howdy, > > I ran up on this link. Is there any truth to it and should any of us > Gentooers be worried about it? > > http://www.theregister.co.uk/2017/11/07/linux_usb_security_bugs/ > > Isn't Linux supposed to be more secure than this??
I would say the real problem is USB itself. What is USB after all? It's a way of sticking any old random thing into a socket and getting the computer to magically do stuff. So if the system software then goes ahead and does stuff, it's only really operating as designed and as spec'ed right? Yes, those 40 holes are probably all true and quite possibly all exploitable, and they should also be fixed. But the real problem is that USB even exists at all. btw, when you say "Isn't Linux supposed to be more secure than this??" the answer is a resounding NO The Linux=safe, Windows=notsafe delusion comes from the 90s when Windows had no real security features at all, or even any realistic ways to limit and control access. Linux had a Unix-style userland and kernel, so you automatically got multi-user/multi-process with per-user permissions. That alone, by itself, is probably the largest single security advance in all of computing history. Everything else is icing. There is nothing in Unix really that is "secure by design", and all von Neumann machines are actually insecure by design -- Alan McKinnon alan.mckin...@gmail.com
