Jump to content

Linux kernel source code repositories get better security

securitybreach

By securitybreach
in Bruno's All Things Linux

 Share

Recommended Posts

securitybreach

securitybreach

Posted
Posted
CHICAGO – Almost three years ago, crackers broke into the kernel.org, Linux's most important site. While no damage was done, it was still worrisome. So, at the Linux Kernel Summit, the Linux Foundation announced that it was securing Linux's Git source code repositories with two-factor authentication.

 

yubico-600x375.jpg?hash=AQt2ZGHlLw&upscale=1

 

Some Linux kernel developers will be using YubiKeys to secure their log-ins to the Linux master source code repositories.

 

Immediately after the 2011 break-in, the Linux Foundation began "mandating a fairly strict authentication policy for those developers who commit directly to the git repositories housing the Linux kernel. Each is issued their own ssh private key, which then becomes the sole way for them to push code changes to the git repositories hosted at kernel.org." That's good, but it's not enough.

 

As Konstantin Ryabitsev, ‎a senior systems and network administrator at The Linux Foundation, explained: "While using ssh keys is much more secure than just passwords, there are still a number of ways for ssh private keys to fall into malicious hands -- for example if the developer's workstation is compromised or if someone manages to access some poorly secured backups. … Keeping that in mind, we wanted to further tighten our access requirements, but without causing undue difficulties for the kernel developers."

 

So, the Foundation has moved on to using two-factor authentication. In two-factor authentication, instead of simply having a user ID and password, an additional step is added. With Google and Twitter, for example, it works by requiring both a password and entering a numeric code texted to your phone number. If any one part doesn't work, you can't get into your account.....

  • Like 2
Link to comment
Share on other sites
Capt.Crow

Capt.Crow

Posted
Posted

Very interesting Dr. Watson , But don't a sizable proportion of owners do their thing on the net Via their phones . Phones are easier to hack .

 

But it's a very good if not excellent start . Thinking out of the box .

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...