Posted on 01/10/2004 12:20:46 PM PST by Bush2000
Flaws raise red flag on Linux security
But many users remain confident about the security of the open-source environment
Story by Jaikumar Vijayan
JANUARY 09, 2004 (COMPUTERWORLD) - A report earlier this week about a critical flaw in the Linux kernel was the latest in a series of recently discovered security problems with the popular open-source operating system. But many users were unfazed by the report and said Linux remains a solid and secure environment for running enterprise applications.
Poland-based iSec Security Research on Monday said it had found a critical flaw in a function used to manage virtual memory on Linux systems. The flaw affects the 2.2, 2.4 and 2.6 versions of the Linux kernel, according to iSec.
The vulnerability could allow attackers to take administrative control of compromised systems and run attack code of their choice, an iSec advisory stated. ISec claimed that it had developed and successfully tested code that was capable of exploiting the flaw, although it added that actually launching such an attack wouldn't be easy.
The news follows the discovery of a similar flaw in the Linux 2.4 kernel last fall. In November, unknown attackers used that flaw to take down several servers belonging to the Debian Project, which produces a noncommercial Linux distribution. And last month, an attack on the Gentoo Linux Project compromised a server that was being used to download copies of Gentoo's Linux source code by users.
The rise in such incidents can be attributed to Linux's growing popularity, which makes it a more attractive target for malicious attackers, said David Wreski, CEO of Linux security vendor Guardian Digital Inc. in Allendale, N.J.
"The underground hacker community is very interested in Linux as a potential target," he said. "Because of the accessibility of the source code to everyone, it provides an equal opportunity for malicious attackers to find vulnerabilities and ways to exploit them."
Even so, Linux remains a secure environment, said John Cahill, senior network security engineer at Piedmont Natural Gas in Charlotte, N.C.
"I would say it is more secure than Microsoft and other environments because the code is looked over by so many people and it's so widely available that any vulnerabilities can be quickly identified and patched," Cahill said. Piedmont uses Linux for several e-mail-related functions and is considering its use for antispam purposes.
"There's not very much we've needed to do to secure Linux [applications]," said Joe Poole, manager for technical support at Boscov's Department Stores LLC in Reading, Pa. The company runs several virtual Linux servers on its mainframes that are protected by network and internal firewalls. All nonessential services, such as file transfers and Telnet, have been disabled. But there has been no need for the kind of constant patching and maintenance required for Windows, Poole said.
Linux distributors in general are also doing a better job of shipping products that have nonessential services disabled by default, said Paul Schmel, adjunct information security officer at the University of Texas at Dallas.
"The biggest plus that Linux has is that it's designed to allow users to be users and not administrators," Schmel said. "What Linux has that Windows doesn't have is ease of configuration from an administrator's standpoint. Stopping and starting services, configuring services to only respond on certain ports and interfaces is dramatically easier than it is with Windows."
I believe it's his job. Look at his posting history. He doesn't post anything but pro-MS/anti-OSS. Can you imagine how much it would drive you crazy to have to astroturf for MS? I shudder to think of it.
KKKLinux, the command line has a white screen. Firewall preconfigured to filter out the NAACP and ADL, with preset links in Mozilla to all your favorite racist and Holocaust denial sites. Plus a custom-written panic button to the ACLU in case some city won't let you demonstrate. Prepackaged with desktop backgrounds of your favorite lynchings!
Are the millions of retail boxes sold an OEM issue too?
No they don't. Microsoft proudly announced that they would have to release no security patches in December because they've gotten things down so good.
No, wait, they did end up having to release some anyway. Oops.
Maybe he works there. Maybe he's Bill Gates himself! Hey Bush/Bill, can I borrow some money?
Which implies that someone has altered DNS and also disabled the real LDAP. Anyone know a network admin who is willing to take that kind of chance with his career?
Hmmm... Sounds like another one of those flaws that allows Root to root the machine. A very pesky fellow, that Root.
Yes, there's that...
But with everything going on in the world... even without September 11th... the notion that anyone would hang around a forum like this and spout off about which flavor of software to use exposes a serious character defect.
It's absolutely moronic.
The funny thing is, if you could get some KKK types to not drool into their keyboards long enough to put this together without starting an electrical fire, it would be entirely possible to create a distribution and theme exactly like what you describe.
There's the deeper issue of proprietary vs. open source software, which affects the way that businesses can run, how open your government will be and how it will use your tax dollars. For example, the Navy is getting 300,000 seats of Windows/Office in a contract with EDS. If the total seat licensing is, say, $200 (really cheap estimate, and not counting Software Assurance three years down the road), that's $60 million of your tax dollars gone bye-bye that could have otherwise been saved.
Yes, all that waste plus a zealot like Bush2000 who has a vested interest in maintaining a flawed product.
You just admitted that Microsoft is crappy software.
That's the first of the 12 steps.
We're all pulling for you.
The beauty of OSS. Actually, others have proposed a FreepLinux.
Actually, I kind of like Photoshop. It's the most solid, capable application I've ever used. I also figure OS X will be just about OS perfection in 10.5 (or whenever all libraries are converted to 64-bit).
And you've made it clear that your goal and your job is to protect and perpetuate it.
I think that about wraps up our program, B2.
Toodles.
Said the Linux stooge.
Said the Windows bigot.
Hey! This is fun. We could carry on with this all day long. Considering your posting history, it would be reasonable to guess that you are a paid astroturfer.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.