sick of Linux bias

Discussion in 'Computer Security' started by Alastair Smeaton, Jan 4, 2004.

  1. In his prose, Mike wrote to us:
    Well, I thought the mail delivery problem was not the point, as any
    MTA and IMAPd combination will provide this stuff. If you use
    OGo for the groupware part and Postfix/Cyrus for mail delivery, together
    with the Evolution client used with the OGo Evolution Connector (see Evolution CVS),
    you have something really close to Exchange in terms of functionality.

    I tend to consider that the comparison point between Exchange and other
    products is groupware capabilities, as one can handle his mail in a lot of
    (better) ways.
    I do not say that this solution is a real alternative, as I don't consider
    myself an "Exchange power user". But as far as I can see, OGo offers me
    all the functionality I use on my company Exchange server. So, for my
    own needs, it is a valuable alternative.
     
    Cedric Blancher, Jan 9, 2004

  2. The original was snipped to show "outlook" and not "exchange". You
    commented about "exchange" and not "outlook". You did not read. Case
    closed.



    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Jan 9, 2004

  3. Bash, the shell preferred by most candy stripers ;)

    /steve
     
    Stephen K. Gielda, Jan 10, 2004
  4. Yeah, I realise that everyone knows bsd is superior to all so there
    won't be much argument, but can't blame me for trying, huh? :)

    /steve
     
    Stephen K. Gielda, Jan 10, 2004
  5. --Linux rants rule--

    They sure have staying power! This group tantrum has been going on for four
    days!
     
    \Crash\ Dummy, Jan 10, 2004
  6. On Fri, 9 Jan 2004 19:43:45 -0500, Stephen K. Gielda

    I'm going to pretend you didn't say that. ;-P

    Dazz
     
    Dazz, Jan 10, 2004
  7. Which is more "uptime" than a Windows server. ;-P

    Just joking, of course. :)

    Dazz
     
    Dazz, Jan 10, 2004
  8. Well, I DO prefer candy-stripers!
     
    John, Jan 10, 2004
  9. Yes, really it's closer to 2 days!
     
    , Jan 10, 2004
  10. <classic pointless rant>

    The bottom line here is that Linux is not by any means free of its own
    problems. However, the reason why you get such a bias towards Linux, even
    when some Linux servers can be rooted just as easily as Windows ones, is
    that those servers that are being rooted _can_ be fixed. And if you
    have a knowledgeable sysadmin, the boxes will not get rooted.

    The rationale behind this assertion is that the exploits found for
    Linux are almost exclusively userland exploitations. In Windows, meanwhile,
    while we see a number of "userland" exploitations (with Windows it's hard
    to really say userland, because there _is_ no real privilege separation,
    but for these purposes we can take userland to indicate not a part of
    the core Windows operating system), we see an almost equal number of
    operating system, or "kernel-land", exploitations.

    Moreover, without an /etc directory in plain text, we have a registry,
    which is another way to do it, but the problem is it's a proprietary
    binary, so we never really know all of what's in it, and instead of a real
    system logger like /var/log we have the event manager, which again is another
    proprietary approach.

    This makes tracking down problems on Windows to their root much more
    difficult than with Linux, the reason being that in Linux it's
    plain text: you can _read_ the physical settings being read into the
    daemons (pardon my spelling); in Windows, you have to root through keys
    and proprietary editors to get the info that in Linux would have been
    gotten from cat. Moreover, it's easier to extract and sort information
    out of the ASCII in /var/log than to get Event Viewer in Windows to
    figure out what the hell is happening.

    None of this negates the overriding fact that your network is really
    only as secure as the administrator running it; however, for a
    knowledgeable administrator, you can do more with Linux, much more. And any
    knowledgeable admin who has used both will tell you that. Of course
    people can say they know 50 Linux boxes that got rooted; they probably
    have 50 MCSE friends who tried to run a Linux server and were running a
    vulnerable version of ssh, or running a 2.4.0 kernel or some other
    horribly outdated userland daemon. So of course they got rooted.

    Notwithstanding the above arguments, just look at the sheer number of
    remote kernel roots and compare that to the number of exploits found in a
    single version of Windows. Then compare the flexibility of a given
    version of Linux (in fact there is so much flexibility there really isn't
    a stable versioning convention) and compare it to Windows XP, or
    Windows Longhorn (which, by the way, for all the DOE effects in the alpha
    copy sitting in front of me, rips off Unix even MORE than XP!)

    And finally, at the end of the day, the guts of the internet run *inx,
    not Windows.

    </classic pointless rant>

    Sorry guys, been listening to CFOs throw around MCP buzzwords all day,
    had to do a little venting :)
    Mike wrote:
    |>On Tue, 06 Jan 2004 00:51:41 GMT, Bit Twister spoketh
    |>
    |>>On Tue, 06 Jan 2004 00:23:51 GMT, Lars M Hansen wrote:
    |>>
    |>>>However, I'd like to see what database of exploits you've looked at to
    |>>>determine that linux has far fewer problems.
    |>>
    |>>Frap, looking through my small ms rock pile of 23 urls shows three of the
    |>>links gone obsolete. I had a link on an article which had a link which
    |>>dropped me into the Microsoft database index where I could just scroll
    |>>up and down titles. It was either in one of those or an article I had seen
    |>>before I started collecting rocks to throw at win trolls.
    |>
    |>Well, I got one leg on both sides of the fence. I have absolutely no
    |>problem using or recommending Windows as workstations or servers, and I
    |>can also see that Linux has its advantages.
    |
    | Amen to that. I personally have a mix of Windows and Linux servers. The big
    | clients tend to have MS servers and Linux for various firewall and FTP
    | servers etc. Smaller clients who don't have the cash for MS server OS can
    | benefit from Linux & Samba etc.
    |
    |>I'm not too fond of neither the "windows sux" nor "linux sux".
    |
    | Indeed, they each have their own strengths and weaknesses. These idiots who
    | jump up and shout "Windows is crap" or "Linux is crap" might just as well be
    | arguing that Phillips screwdrivers are better or worse than slot-headed. It's
    | all a case of the right tool for the job in hand. For me MS will be on the
    | desktop for some time to come but I can see a trend towards more Linux
    | servers in the backroom. There are times when it just has to be MS for the
    | server (I'm thinking Exchange server here).
    |
    | Mike

     
    Steve, Jan 11, 2004
  11. <classic pointless response>

    ;o)
    This is probably where our views diverge - *nix has a simple on/off approach
    to privilege. Windows has a mass to choose from - a lot of programmers seem
    (sometimes wilfully!) to misunderstand this and drag us back to
    CP/M^H^H^H^HDOS, but that doesn't necessarily make them "bad".

    As you rightly point out - most Windows boxes are set up in the *nix
    all/nothing model. More a problem with the admins than the system. VMS'
    SETPRV and auditing beats both of them hands-down (shame about things like
    UCX, though..)
    Hmm. While I'd agree that Event Viewer was probably written by Satan on a
    rainy Sunday afternoon, I can't agree that hunting down configuration files
    is a useful use of /my/ time. As I'm sure you'll recall, Windows 3 took that
    approach. Not especially brilliant..

    A better argument would be the use of specific users to run specific
    services (as Windows does - to a limited extent - with IIS). It's also what
    a number of large Real World(tm) users do via security policy.
    Both platforms require updates.. and both platforms have a way to go on that
    one. On the one hand, we have (often unnecessary) Windows reboots, on the
    other a process that would appear to be moderately painful.

    The reason I say that a lot of reboots are probably unnecessary is that most
    seem to make assumptions about DLLs that could be hanging around in memory
    (wouldn't it be nice if they dropped out when they weren't being used, or
    had a specific unload utility? Everyone else seems to manage to do /that/
    one..)

    As goes my other point - if online updating were so straightforward, why did
    100% of my Red Hat Network updates fail? And why the *%@& did they fail
    /silently/? OK, so I was able to apply the updates manually, but that's not
    the point - having to roll that out to a large bunch of machines is
    s-o-o-o-o-o 1980s ;o)
    Spell it *nix, and I'll agree with you ;o)

    (Not sure whether that was a typo or a Linux reference)

    H1K
     
    Hairy One Kenobi, Jan 12, 2004
  12. As a former Microsoft programmer, who has tidbits of Windows Longhorn
    source code, and one of the alphas on my desk right now, I can tell
    you this is not true.

    While Microsoft does attempt to represent this to the user, and without knowing
    a vast amount of C, or assembler, or fully understanding the dissemination
    of the operating system, you would be none the wiser. However, the
    problem is that Microsoft's claim that they indeed DO have privilege
    separation, and not only that, have varying degrees of privilege
    separation, is just wrong. The reason why it's wrong is because there is
    no real kernel land and user land for applications. Everything ultimately
    runs with administrator privileges in the final execution. Moreover, the
    haphazard design of the underlying kernel has led to userland and
    kernel land becoming intertwined. So in almost every single case
    your "userland" program is going to have hooks right down into the
    kernel. For those of you who don't really understand kernel and user
    separation: running with a hook in the kernel may be shown by Windows as
    running as your user, and it may deny you access to another user's files when
    you try a conventional read. However, if you write a C program, or an
    assembler program, you have full access to those hooks, and can run
    right inside kernel space, which is the equivalent of running with
    System privileges. Indeed, that is why when we see something like DCOM get
    exploited, a simple long filename gets you SYSTEM privileges.

    Moreover, any binary on a Windows box can overflow its stack and voila,
    it's in kernel space if the overflow is crafted correctly. Moreover,
    every Windows box is compiled with the same procedure, with the same
    offsets, and the same base addresses at the factory, which makes
    mass exploitation possible.

    Now in many cases with Linux, for example with RPMs on Red Hat, yes you
    are dealing with binaries; however, by the nature of open source, you
    could just as easily, if you were concerned about buffer overflows,
    compile your entire system from scratch. Indeed, there are entire Linux
    distros built around this, for example Gentoo. The box I am sitting on
    is a Gentoo box, and every single binary on this machine has been
    compiled on this machine, and is compiled specifically for my processor.
    The binaries on this machine will not work on a PII, or a PIII, only on
    an Athlon XP or higher chip.

    What this means is that if you want to 0day me with a stack smash, you
    can't. You need to figure out my base addresses first. Indeed, the OpenSSH
    exploit that was found over the summer, someone DID try that against me,
    before I was patched. It just didn't work. It did succeed in crashing my
    SSH daemon. However, because the base memory was not the same, the
    amount of overflowing that had to happen to get to the memory address
    that was needed to bind a shell to a port was different, and thus while
    the overflow occurred, the instructions that needed to be pushed onto the
    stack never made it there.

    Moreover, with a grsecurity patch, I can make EVERY memory allocation
    start from a random base, IN ADDITION to the random offsets from
    compilation. Therefore, if you try to overflow a daemon in userland, you
    have a (2^32)^32 chance of being at the correct address to start
    injecting into the stack with the amount that you need to inject into
    the stack. The first 2^32 is because the offsets are random, because of
    compilation with different GCC options. Therefore, you can be starting
    from anywhere in memory, which is 2^32. Now on top of this, you now have
    a grsecurity patch in the kernel making an additional randomization of
    your static (but random, because no one can know for sure what the base
    offsets are if you are using wonky GCC options) bases, and that happens
    every time you malloc(). Which adds the other ^32 to the initial 32-bit
    max that you started out with.

    Moreover, the kernel has a specific portion of memory. The only way a
    process can get into that memory is if it is running uid=0. If it isn't,
    it gets a segv from the OS. Therefore, the exploitation that can happen
    at the kernel level must happen in a process running as root. Now,
    while many daemons do run as root, simply to bind privileged ports 0 - 1024, a
    simple fork() after the connection is received fires off a new process
    running with UID= whatever you specify in your configuration, but as an
    unprivileged user. For example, my FTP service runs as root, until you
    bind to 22; then it forks off to a user called proftp. That user cannot
    write anywhere on the filesystem, nor can they log into the system. Once
    the user authenticates against PAM, there is a fork() off as the user
    they authenticated as. So if they compromise the daemon, they can never
    do any real damage. And in order to do anything, there would have to be
    a remote root in the way TCP is implemented in the kernel (which I have
    never seen, nor do I know anyone since the inception of Linux who has
    seen this) or in PAM. And PAM is so heavily audited that we rarely
    find privilege escalation problems in it. In fact, I can't think of any in
    PAM in the last 3 years (I could be wrong there).

    THIS is real privilege escalation. There is no kernel hook to break, and
    you're not running in memory that the kernel can use. Therefore, you don't
    get root simply by overflowing any binary on the system.

    Now, mind you, what I have described requires a lot of development and OS
    experience to know how to do. Indeed, you can very easily set up a
    vulnerable Linux box, and many admins who don't know Linux well do just
    that. However, the point here is, if you bring in a consultant (like me
    :D ) who is very knowledgeable (or has access to very knowledgeable
    people :) ) you have the OPTION to do much more. However, the security
    of a given Linux box is DIRECTLY proportional to who is adminning it,
    and who set it up, and who has root on it.

    With Windows, we don't have that option. When the OpenSSH remote root
    shell came out, I already had other layers of security in place to allow
    me to use OpenSSH but not be susceptible to that remote root (i.e. random
    offsets, random malloc()s). Therefore, when that vulnerability came out
    (and it was 2 AM when my phone started ringing, because let's face it,
    OpenSSH IS the trump card) I was able to say "I'll upgrade it in the
    morning" and go back to sleep. Because I knew that it was a stack smash,
    and that my Gentoo boxes, even before they were patched, were not
    susceptible to this.

    However, most Linux boxes, where an RPM-installed OpenSSH was running and
    there was no grsecurity patch in the kernel, WERE susceptible. They didn't
    have to be, but they were. The point is, I CAN implement layers of
    security on Linux.

    However, when the MSRPC exploit came out, while all my networks drop RPC
    at the border, internally, I had to put clothes on when I got the call
    (which fortunately was only 7PM :) ) and go around running Windows Update.


    OK, the point of that seemingly endless rant: while Linux CAN be
    insecure, and in many cases IS by default, if you have the appropriate
    admin, it can be very secure. But you have the option. With Windows,
    there really is nothing you can do.
    Can't argue with that :) However, I think you misunderstood the way Linux
    does the config files. In general, the config files are in /etc/<name of
    package>/ . While there are exceptions to this, the fact remains that
    the location of those files is mostly standard, and if it's not
    standard, can simply be found in the documentation, which you are
    probably reading anyway if you are configuring the software. Moreover,
    they are in ASCII text. Therefore, they can be opened with just about
    anything. Moreover, they can be done over slow connections via a
    text console. Moreover, it's easier to search through them if you're looking
    for a specific variable. For example, if I am looking for all the
    settings of CFLAGS, I can do a search over all config files at once.
    In any POSIX operating system (which almost all *inxs are, well outside
    of IBM AIX, but that is the Unix equivalent of hell) you can just type
    grep CFLAGS= -i /etc/* , and you can search the configuration files for
    every single piece of software on your machine with that one command.

    The Windows 3 approach was not reflective of the Unix way of doing things :)
    This is true, but as I outlined above, you can use other "layers" of
    security, if you have the appropriate admin, to delay updating (although
    it's generally a good idea) if you need to (like if it is 2 AM :) ).


    Moreover, the only time you really need to reboot is when you install a
    new kernel. All the other times, since there is a clear kernel land and
    userland, and userland uses kernel land to realloc(), I can rebuild my
    entire box (and I have, when I need to add new GCC options like ProPolice
    onto all my binaries) and not have to reboot. Indeed, my IMAP box is
    running kernel 2.4.22 and has been up for close to 4 months now without a
    reboot (power company is good around here about lack of power outages :) ).
    This is true; however, if you run Windows Update and a DLL gets
    updated, Windows Update can't shut down the processes using that DLL
    most of the time, therefore you have to reboot, since in Windows you
    can't delete a file, or replace it if it's in use (mainly because NTFS is
    broken :) )
    Red Hat is a general pain in the ass I find; however, you can find Perl
    scripts out there (I have some that I use for people who _insist_ on
    Red Hat; for a lot of them I just lie and install Gentoo :) ) that will
    get the RPM, verify the signature, and install it, and if it fails, try
    it again using a different method (depending on the error), and if it
    fails, email you.

    There are _better_ distros, for example Gentoo :), which has the
    lovely feature of Portage, where there are ebuild files. These files
    contain a bash-like script to configure, install and clean out the old
    version of the package; moreover, it figures out all the dependencies for a
    package and installs them before it installs the package (well, before it
    starts compiling the package). Moreover, using USE flags in a global
    conf file, you can choose the functionality you want for each package
    (i.e. build with KDE stuff in it, build with support for XMMS, or SSE or
    NVIDIA, or whatever you need) and when a package is installed, the
    appropriate USE flags are picked out and the appropriate patches are
    applied. Moreover, there are CFLAGS that can be set for compilation,
    so you can set sickeningly fast optimizations in there, and have
    everything compiled with those settings. Even better, if your CFLAGS are
    too aggressive for a package (like for glibc) they get toned down to safe
    flags. Moreover, all the configuring for compile, all the installation
    of the compiled binaries, and cleaning of previous versions and keeping
    track of which version is now installed is done by a Python program
    called Portage. Now when I want to update my system, I type one command,
    emerge rsync & emerge update world; and my system is updated. Hashing
    is used to ensure there are no problems with the source, and the source
    is downloaded from trusted mirrors. Now I put this in my crontab, have
    it run every morning, and grep the output for newly merged packages and
    unmerged packages, and the output gets mailed to me. So every day I get
    a report from my system about what was uninstalled, and what was updated,
    and what the new version is. I don't even have to read these mails,
    because Portage keeps track of it for me. I just read them to know what's
    going on. If I want to install a new package it's emerge <package name>
    and it's done, and it's now in the database, so it is monitored for
    updates every night when my cron job runs. I also put this on production
    servers. Now, I manage about 30 machines for clients and for my own
    personal use and for friends. All those machines are in peak runtimes (I
    benchmark them every once in a while) and they are running the latest
    version of everything that is installed. Here's the kicker: I haven't
    updated any of the packages personally in over 5 months.

    Red Hat and Debian have similar systems (i.e. apt-get) but currently Gentoo is
    the most extensive, and works the best.

    So as you can see, again, if you have a knowledgeable admin, upgrading
    becomes quite easy, and management quickly becomes a script.

    (To be fair to you, when you were running your updates, many of these things
    may not have been around. However, if you still are looking at this
    problem as a sysadmin, Google it, or try apt-get and apt-update, or
    just try Gentoo; it will make your life eons easier. I still remember RPM
    hell... 'twas a dark time in my life as a Linux user...)

    And rolling out the patches for Unix boxes is sooooo 1980s, or sooooo
    Windows :)
    OK... *inux... but to be fair, IBM AIX counts as crap, Solaris is
    pseudo-crap, and SCO has relinquished their right to call themselves a *inx :)

    steve
     
    Steve, Jan 12, 2004
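The fork-then-drop pattern Steve describes in the post above (the listener runs as root only to bind its port, each connection is handled by a forked worker running as an unprivileged account, so compromising the worker yields only that account) as an added example in C; it is not code from the thread or from any daemon mentioned in it. The account name "nobody", the 65534 fallback and the helper names are assumptions of this example.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Explicit prototype in case the libc headers hide it under strict modes. */
int setgroups(size_t size, const gid_t *list);

/* Permanently drop root to uid/gid.  The order is the point: supplementary
 * groups first, then gid, then uid.  Once the uid is non-zero the process
 * can no longer change its groups, so any other order leaves root's group
 * memberships (and often gid 0) behind in the "unprivileged" worker.
 * Returns 0 on success, -1 if a step failed or if root could be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)                          /* "dropping" to root is not a drop */
        return -1;
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;                         /* only root has groups to clear */
    if (setgid(gid) != 0)                  /* real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)                  /* real, effective and saved uid */
        return -1;
    /* Paranoia check: if setuid(0)/seteuid(0) succeed here, the saved uid
     * was still 0 and the drop was only temporary. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Run task() in a forked worker that first drops to uid/gid, the way a
 * daemon would after accept().  Returns the worker's exit status, 111 if
 * the drop failed, or -1 if fork()/waitpid() failed. */
int run_as_user(uid_t uid, gid_t gid, int (*task)(void))
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                        /* worker: drop first, then work */
        if (drop_privileges(uid, gid) != 0)
            _exit(111);
        _exit(task() & 0xff);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed worker job: report whether the worker can still become root.
 * 0 = cannot (what we want), 1 = can. */
int worker_task(void)
{
    return setuid(0) == 0 ? 1 : 0;
}

/* Pick the account to drop to: "nobody" (or 65534) when we are root,
 * otherwise our own uid/gid so the demo also runs unprivileged. */
void choose_unprivileged(uid_t *uid, gid_t *gid)
{
    struct passwd *pw;
    if (geteuid() != 0) {
        *uid = getuid();
        *gid = getgid();
        return;
    }
    pw = getpwnam("nobody");               /* assumed account name */
    *uid = pw ? pw->pw_uid : (uid_t)65534;
    *gid = pw ? pw->pw_gid : (gid_t)65534;
}

/* Returns 0 when the worker ran and could not regain root. */
int demo(void)
{
    uid_t uid;
    gid_t gid;
    choose_unprivileged(&uid, &gid);
    return run_as_user(uid, gid, worker_task);
}

int main(void)
{
    int r = demo();
    printf("worker exit status: %d (%s)\n", r,
           r == 0 ? "privileges dropped, root unreachable" : "drop failed");
    return r == 0 ? 0 : 1;
}
```

Run it as root to see the worker land in the "nobody" account; run it unprivileged and the same checks still pass, which is the invariant a daemon's worker should verify on itself before touching any client data.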
  13. <snip>

    Great post. I picked up a few pointers here.
    Quite a few in fact about how much one can automate system updates.
    Gives me something to shoot for.
     
    Richard Steven Hack, Jan 13, 2004
  14. Hmm. Now that's an interesting statement. I'll concede that NT4's
    lets-run-graphics-through-the-kernel decision was, for want of a better
    word, "dumb". OTOH, I can't agree with your assertion that Windows doesn't
    have a number of different privileges available for general use. As I've
    said before, I'd prefer a greater & more specific set (a la VMS), but
    they're there if a programmer is willing to use 'em.

    Most don't; something that - as a Windows programmer myself - reflects more
    on the programmer than the platform. I'll take as my example Nero, which had
    to be patched to allow use by people with lower privilege levels (I forget
    the exact privilege. Admin group has it by default) You have to do the same
    thing with Unicenter (being originally Unix-centric, it runs everything with
    its own user, which requires "Login as a Service" rights, among other
    things)

    NT, in all its various guises, has multiple layers, rather than just the two
    (if you're talking Win9x, then I'll just apologise & move on.
    Elephant-on-a-traffic-cone ;o) AFAIK (with not having done it) this great
    big hooking hole (as used by rootkits) already assumes a privilege escalation
    in the first place. Or, to put it another way, that the box has already been
    compromised through some other means. Five layers rings a bell, but no
    CMKRNL to allow better control.

    If you're thinking of some other way of manipulating the kernel, then please
    say so..
    Hmm. True, but also for everyone else (I would suggest that very few other
    people do actually recompile the whole OS..)

    Assuming that there is any ;o)

    And that the person who set up the box followed it (won't bore you with what
    I had to do to hack my original Solaris box into shape.. ;o)

    Yes, you can do text searches on *nix. And, yes, you can do registry
    searches on Windows. And, yes, I'd like to see a better editor provided
    out-of-the-box.. one with FindAll would be a start. OTOH, if I /really/
    needed it more than once, I'd either download or write one.
    I do that already, on certain boxes - they all trip at different times.
    :) ).

    But for a memory upgrade, my web server could probably have matched that ;o)
    The only downtime was for two or three seconds, when I upgraded the web
    server itself (I don't use IIS ;o)
    You consider this /broken/ behaviour? Hmm. I guess that we'll have to
    disagree on this one. I'd still like to see an unloading tool, though - (it
    would also boost uptime - the box may not be good for anything during a
    software upgrade but, heck, the kernel's running so the box is /up/, right?
    ;o)

    <Snip useful stuff about Gentoo. Must take a look at that.. thanks>

    H1K
     
    Hairy One Kenobi, Jan 13, 2004
  15. Hairy One Kenobi wrote:
    |>Hairy One Kenobi wrote:
    |>
    |>>|
    |
    | <much snippage>
    |
    |>>This is probably where our views diverge - *nix has a simple on/off approach
    |>>to privilege. Windows has a mass to choose from - a lot of programmers seem
    |>>(sometimes wilfully!) to misunderstand this and drag us back to
    |>>CP/M^H^H^H^HDOS, but that doesn't necessarily make them "bad".
    |>
    |>As a former Microsoft programmer, who has tidbits of Windows Longhorn
    |>source code, and one of the alphas on my desk right now, I can tell
    |>you this is not true.
    |>
    |>While Microsoft does attempt to represent this to the user, and without knowing
    |>a vast amount of C, or assembler, or fully understanding the dissemination
    |>of the operating system, you would be none the wiser. However, the
    |>problem is that Microsoft's claim that they indeed DO have privilege
    |>separation, and not only that, have varying degrees of privilege
    |>separation, is just wrong. The reason why it's wrong is because there is
    |>no real kernel land and user land for applications. Everything ultimately
    |>runs with administrator privileges in the final execution.
    |
    | Hmm. Now that's an interesting statement. I'll concede that NT4's
    | lets-run-graphics-through-the-kernel decision was, for want of a better
    | word, "dumb". OTOH, I can't agree with your assertion that Windows doesn't
    | have a number of different privileges available for general use. As I've
    | said before, I'd prefer a greater & more specific set (a la VMS), but
    | they're there if a programmer is willing to use 'em.

    Well, it is true that at the software level there are a number of
    privileges the operating system will honour. The underlying problem is
    the physical layout of memory. The *inx system has a particular segment
    of kernel memory, that's kernel land; the rest is for everything else,
    a la userland. Moreover, the kernel is running in memory that can only be
    accessed via uid=0, and this memory contains the execution stack and the
    instructions of underlying kernel processes that will govern the
    enforcement of privileges. Therefore, by smashing a userland process, you
    cannot get root unless you're exploiting something running as root, or
    something setuid to root. And to avoid that, you can mount entire
    volumes with the nosuid option. Moreover, you can also mount with the
    noexec option if you need to as well, to further secure entire areas of
    your disk.

    However, in Windows, all memory is potentially kernel memory, because
    the kernel can malloc() itself new memory. Because of this, a stack smash
    of a userland app gets you root, in effect. Which is why, with things
    like MSRPC (which is supposed to be userland), when you smash the stack
    (which, I think we should remind ourselves, no one thought to check the
    length of the file name on that one), you get SYSTEM privileges, which is the
    equivalent of root.

    Now, within Windows, yes it's true, you have varying levels of access
    control built in. However, when the operating system breaks, you get
    root. On *inx, when you break the system, you get whatever user you were
    running as.

    |
    | Most don't; something that - as a Windows programmer myself - reflects more
    | on the programmer than the platform. I'll take as my example Nero, which had
    | to be patched to allow use by people with lower privilege levels (I forget
    | the exact privilege. Admin group has it by default) You have to do the same
    | thing with Unicenter (being originally Unix-centric, it runs everything with
    | its own user, which requires "Login as a Service" rights, among other
    | things)

    This is true, but that's because Nero works within the operating system.
    Unfortunately, the only time user privileges in Windows get broken is
    under malicious circumstances. The privilege separation we are talking
    about only becomes a problem when someone succeeds in breaking the
    system, i.e. a stack smash, which we have seen literally thousands of in
    Windows. The problem is, whenever there is one in a Windows app, it's a
    disaster; for Unix, it's only a disaster for that user. That is the
    privilege separation that is being addressed.

    |
    | NT, in all its various guises, has multiple layers, rather than just the two
    | (if you're talking Win9x, then I'll just apologise & move on.
    | Elephant-on-a-traffic-cone ;o) AFAIK (with not having done it) this great
    | big hooking hole (as used by rootkits) already assumes a privilege escalation
    | in the first place. Or, to put it another way, that the box has already been
    | compromised through some other means. Five layers rings a bell, but no
    | CMKRNL to allow better control.
    |
    | If you're thinking of some other way of manipulating the kernel, then please
    | say so..

    Well, specially crafted exploits have used kernel hooks in the past.
    However, I have to concede, those are rare, and not by any means
    "conventional"; however, the underlying problem is that smashing the stack of
    a userland app gets you into memory space that is userland and
    kernel land, thus allowing severe privilege escalation.

    |
    |
    |>Moreover, any binary on a Windows box can overflow its stack and voila,
    |>it's in kernel space if the overflow is crafted correctly. Moreover,
    |>every Windows box is compiled with the same procedure, with the same
    |>offsets, and the same base addresses at the factory. Which makes
    |>mass-exploitation possible.
    |
    |
    | Hmm. True, but also for everyone else (I would suggest that very few other
    | people do actually recompile the whole OS..)

    That's true; however, with distros such as Gentoo, which makes this task
    (as well as full optimization for your chip via CFLAGS) literally a
    single command, this is starting to become more common. Admittedly,
    unless you're using Gentoo exclusively, it is difficult (see the book
    "Linux From Scratch") to accomplish this. Moreover, it is time consuming
    to complete, but since I can do other things while it's happening and
    because of the extreme performance/security/stability benefits, for me,
    I consider it time well spent. Also, a nice feature in Gentoo is to
    build binary packages. So if I have a large farm of servers running the
    same hardware (at least the same processors, or at least the same class
    of processors (athlon-xp, athlon-tbird, p4, etc.)), in some cases you only
    need to compile the entire system and output binary packages (with the
    heavy CFLAGS) to reap the benefits of compilation over an entire farm.
    However, it is obviously best to do it on each box.

    The point I wished to address with that was simply that it CAN be done,
    if you are so inclined, and is impossible on Windows.

    |
    | <Snip discussion of process vs. thread>
    |
    |>>>Moreover, without an /etc directory in plain text, we have a registry,
    |>>>which is another way to do it, but the problem is it's a proprietary
    |>>>binary, so we never really know all of what's in it, and instead of a real
    |>>>system logger like /var/log we have event manager, which again is another
    |>>>proprietary approach.
    |>>>
    |>>>This amounts to tracking down problems on Windows to their root being
    |>>>much more difficult than with Linux, the reason being that in Linux it's
    |>>>plain text, you can _read_ the physical settings being read into the
    |>>>daemons (pardon my spelling), in Windows, you have to root through keys,
    |>>>and proprietary editors to get the info that in Linux would have been
    |>>>gotten from cat. Moreover, it's easier to extract and sort information
    |>>>out of the ASCII in /var/log than to get Event Viewer in Windows to
    |>>>figure out what the hell is happening.
    |>>
    |>>
    |>>Hmm. While I'd agree that Event Viewer was probably written by Satan on a
    |>>rainy Sunday afternoon, I can't agree that hunting down configuration files
    |>>is a useful use of /my/ time. As I'm sure you'll recall, Windows 3 took that
    |>>approach. Not especially brilliant..
    |>
    |>Can't argue with that :) However, I think you misunderstood the way Linux
    |>does the config files. In general, the config files are in /etc/<name of
    |>package>/ . While there are exceptions to this, the fact remains that
    |>the location of those files is mostly standard, and if it's not
    |>standard, it can simply be found in the documentation.
    |
    |
    | Assuming that there is any ;o)
    |
    | And that the person who setup the box followed it (won't bore you with what
    | I had to do to hack my original Solaris box into shape.. ;o)

    Serves you right for using slowaris :)

    |
    | Yes, you can do text searches on *nix. And, yes, you can do registry
    | searches on Windows. And, yes, I'd like to see a better editor provided
    | out-of-the-box.. one with FindAll would be a start. OTOH, if I /really/
    | needed it more than once, I'd either download or write one.

    True, but in *nix the main benefit is that because it's text, it can be
    done via virtually any internet connection, without having to have
    something like VNC.

    |
    |
    |>>Both platforms require updates.. and both platforms have a way to go on that
    |>>one. On the one hand, we have (often unnecessary) Windows reboots, on the
    |>>other a process that would appear to be moderately painful.
    |>
    |>This is true, but as I outlined above, you can use other "layers" of
    |>security, if you have the appropriate admin, to delay updating (although
    |>it's generally a good idea) if you need to. (like if it is 2 AM :) )
    |
    |
    | I do that already, on certain boxes - they all trip at different times.
    |
    |
    |>Indeed, my IMAP box is running kernel 2.4.22 and has been up for close to
    |>4 months now without reboot. (power company is good around here about lack
    |>of power outages :) ).
    |
    | But for a memory upgrade, my web server could probably have matched that ;o)
    | The only downtime was for two or three seconds, when I upgraded the web
    | server itself (I don't use IIS ;o)

    Interesting, what version of Windows? What webserver? I've never seen a
    Windows box stay up for 4 months before!

    And what's wrong with IIS? Didn't like your static HTML content being
    served out of kernel? Hehe :)

    |
    |
    |>>The reason I say that a lot of reboots are probably unnecessary is that most
    |>>seem to make assumptions about DLLs that could be hanging around in memory
    |>>(wouldn't it be nice if they dropped out when they weren't being used, or
    |>>had a specific unload utility? Everyone else seems to manage to do /that/
    |>>one..)
    |>
    |>This is true, however, if you run Windows Update, and a DLL gets
    |>updated, Windows Update can't shut down the processes using that DLL
    |>most of the time, therefore you have to reboot since in Windows, you
    |>can't delete a file, or replace it if it's in use (mainly because NTFS is
    |>broken :) )
    |
    |
    | You consider this /broken/ behaviour? Hmm. I guess that we'll have to
    | disagree on this one. I'd still like to see an unloading tool, though - (it
    | would also boost uptime - the box may not be good for anything during a
    | software upgrade but, heck, the kernel's running so the box is /up/, right?
    | ;o)

    It is broken: you can not remove a file from the file system when it is
    in use. This is broken inode behavior in the NTFS file system. You
    should be able to have something in memory and remove it from
    disk. In Windows you have the pagefile to swap out to if you run out of
    memory, and on Linux a swap partition, so there is no reason to have to go
    back to the file in the file system. Moreover, the file descriptors
    should keep a reference to the physical inodes even after the file entry
    has left the directory tree. The fact that you can not delete a file in
    use is the result of broken inode behavior in the inodes (or the NTFS
    rip-off of inodes).

    Moreover, for a journaling filesystem, dirty shutdowns are handled badly
    by NTFS; it doesn't read or write its journal properly, nor does it
    allocate it properly. Moreover, if you're running something with a lot of
    files, ReiserFS eats NTFS. Hell, ext2 eats NTFS.

    |
    | <Snip useful stuff about Gentoo. Must take a look at that.. thanks>


    Gentoo.org baby....gentoo.org

    |
    | H1K
    |
    |

    Steve, Jan 13, 2004
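The unlink-while-open semantics Steve argues about above (a descriptor keeps the inode alive after the name is gone, so a package update can replace a file that a running process still has open) can be observed directly on Linux. This is an added example, not code from the thread; the file name "libfoo.so" and the contents are constructed, and it assumes a POSIX filesystem:

```python
import os
import tempfile

OLD = b"old library contents\n"  # constructed sample contents
NEW = b"new library contents\n"


def unlink_while_open():
    """Open a file, unlink its path, and show the descriptor still reaches the inode."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "libfoo.so")  # constructed name, not a real library
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, OLD)
        before = os.fstat(fd)
        os.unlink(path)                    # removes the directory entry only
        after = os.fstat(fd)               # fstat works on the fd, not the path
        os.write(fd, b"appended after unlink\n")  # writes still reach the inode
        os.lseek(fd, 0, os.SEEK_SET)
        data = os.read(fd, 4096)
        return {
            "path_gone": not os.path.exists(path),
            "same_inode": before.st_ino == after.st_ino,
            "nlink_after": after.st_nlink,  # 0: no names left, fd keeps the inode alive
            "readback": data,
        }
    finally:
        os.close(fd)
        os.rmdir(tmpdir)


def replace_while_open():
    """Package-update case: a new file lands at the same path while an old fd is open."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "libfoo.so")
    with open(path, "wb") as f:
        f.write(OLD)
    old_fd = os.open(path, os.O_RDONLY)    # stands in for a running process's open copy
    try:
        tmp = path + ".tmp"                # write the new version beside the old one,
        with open(tmp, "wb") as f:         # then rename over the path atomically
            f.write(NEW)
        os.rename(tmp, path)
        os.lseek(old_fd, 0, os.SEEK_SET)
        still_old = os.read(old_fd, 4096)  # old opener is undisturbed
        with open(path, "rb") as f:
            now_new = f.read()             # new opens get the new inode
        return {
            "old_fd_sees": still_old,
            "new_open_sees": now_new,
            "different_inodes": os.fstat(old_fd).st_ino != os.stat(path).st_ino,
        }
    finally:
        os.close(old_fd)
        os.unlink(path)
        os.rmdir(tmpdir)
```

The same property is why a process can keep running a deleted executable or library, which is also what a defender checks for with `ls -l /proc/<pid>/exe` or `/proc/<pid>/maps` showing "(deleted)" after an update or an unexpected removal.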
  16. Alastair Smeaton


    E. wrote:
    | Jim wrote:
    |
    |> Here is a little article for all of you linux boys out there who feel
    |> Linux has little to no security flaws. I am looking for the article
    |> now and will post later, but do any of you remember how the back door
    |> trojan almost made it into the kernel?
    |>
    |> Open Source and Secure just don't go hand in hand.
    |>
    |> http://news.com.com/2100-1002_3-5135129.html?tag=nefd_top
    |>
    |> Jim
    |
    |
    | There is no 'better' OS. Only what's better in a given situation.
    | Either can be secured, if you have the nouse.

    There are things that Windows can not be secured against, such as stack
    smashing, or a variety of other TCP-based low level attacks. The
    operating system simply doesn't have the design to be able to be secured.
    To secure Windows boxes, I put FreeBSD or Linux boxes in front of them
    and filter the traffic.

    |
    | Tho' I do understand where you are coming from - I recall being labelled
    | a 'Micro$oft shill' in one linux ng by a linux Nazi for pointing out an
    | error.
    | E.
    |
    There are just as many Microsoft trolling people; there are two camps of
    people, and it's important to realise that there are trollers on
    both sides. And they sit around and call each other childish names quite
    often, as we have seen in this thread quite a bit.
    Steve, Jan 13, 2004
  17. Alastair Smeaton


    Jim wrote:
    | Dazz Wasted my time by saying: on 1/7/2004 8:47 AM:
    |
    |>
    |>
    |>> So Linux never crashes, locks up or has any problems? Wow. That is
    |>> amazing. Now I see what all the fuss is about. That so so cool.
    |>
    |>
    |>
    |> As a matter of interest, have you ever installed and used linux?
    |>
    |> I don't mean, installing it, and seeing what it was like, and then
    |> reformatting after a few hours because you didn't know what to do, I
    |> mean, have you ever actually *used* linux?
    |>
    |> Dazz
    |>
    |
    | I ran Linux at home for a couple months. Documentation was horrible,
    | application support was null, and the library incompatibilities were
    | nothing short of a pain in the ass, samba sucked wind...
    |
    | If you like to play with problems, Linux is the OS for you. I tried
    | about 6 different versions. Getting the OS tweaked for performance was a
    | nightmare. I was eventually able to do most of the things I wanted.
    | However, the total lack of application support, except for half-ass
    | programs written by college students, made me realize I just want to use
    | my home computers and not have to research every time I want to do
    | something.
    |
    | I really wish you people would read my posts more carefully. I never
    | said I hate Linux and no one should use it. I am not going to repeat
    | previous posts AGAIN.
    |
    | Jim
    If Linux has so many problems, why are entire segments of the internet
    run by it?

    If you don't know what you're doing with Linux, it will be a nightmare; in
    fact, when I first started on Red Hat, coming from Windows, I had about
    two weeks of 20 hour days just trying to figure out how to do basic
    things. It was frustrating, and I lost a lot of hair in the process.
    However, once I got over that horrible hump, learning was easy. Why?
    Because Windows hides the way your operating system works. So when you
    start with Linux, you have to learn HOW your computer works.

    Why? Because everything in Linux is standardized. And the
    standardization is modeled after userland interaction with kernelland,
    and kernelland with hardware. Moreover, Linux follows the POSIX
    standards, so any POSIX command is going to have the same basic switches.

    Most software in Linux has very good documentation. It's not a tinkering
    operating system. It's an operating system that is not like Windows,
    because Windows breaks ALL the rules in operating system design.

    Just because it was difficult for you is not reflective on the quality,
    design, or production of the operating system. Because at the end of the
    day, the guts of the internet are *nix. Not Windows NT, or 2000 Server.
    Steve, Jan 13, 2004
  18. Ahem. One thing though - everything we've been talking about so far involves
    system-level stuff which is already /running/ in kernel mode.

    The point I was making is that you can't get there without /already/ having
    compromised the box.

    Yes, *nix does it differently. All I'm saying is that the ability to
    take-down anything useful on the box (but leave the kernel running) is,
    IMHO, not a lot different to handing the kernel itself a banana skin and
    watching what happens..

    I personally don't think that "different" necessarily means better/worse,
    just.. different. OTOH, I wouldn't be sorry if we went back to the same sort
    of separation that existed in NT 3.0. But it ain't gonna happen ;o)

    True. OTOH, TS is built-in. Horses for courses, to some extent (and not
    forgetting that you can make registry mods from the command line. Seem to
    remember that you have to have the CD available for that one - it's been a
    long time since I've needed to do anything like that..)
    Win2000, and OC://WebConnect Pro.

    It was originally running on an AMD box of some description (1700+ rings a
    bell) PSU blew the mobo sometime in June (fortunately the same morning that
    the replacement arrived in the post). Had run 24x7 for about a year, with
    reboots "only" for patches deemed critical. An Intel box blew-up a couple of
    weeks before - seems to be a bad batch of PSUs (although, touch wood, the
    AMD 1900+ still seems happy with its lot, running on a spare PSU from a
    different batch)

    The TA-1 that I'm currently using is also stable - I tend to wait for
    patches to prove their stability on an internal box (the backup web
    server/application server) - can't remember if I applied these at the same
    time or earlier than the upgrade. I have a feeling that I only put in the
    upgrade when I decided to patch.. can't say.

    The upshot is, like anything else, unless you have a resource leak in there
    somewhere, no changes = no problems.
    Actually, it's a rip-off of Files-11.

    I guess that one man's "broken" is another man's "system integrity" ;o)

    Don't worry, I remember all of this from the VMS vs. Unix crusades.. suffice
    to say that we each have our opinion, and are likely to stick with it!
    ;o)

    H1K
     
    Hairy One Kenobi, Jan 14, 2004
  19. And how do they get good security consulting for free?

    You don't sell the software, you sell the consulting expertise to use
    the software.

    This guy sounds like he makes his money selling Windows, then doing
    security "consulting" to solve Windows' problems.

    Nice racket.
    Sounds like an oxymoron to me.
     
    Richard Steven Hack, Jan 15, 2004
  20. Alastair Smeaton

    Bash rocks... vi is given from divine... :p
     
    ?burek, Jan 16, 2004
