[Gllug] just preaching to the converted !
Nix
nix at esperi.org.uk
Sat Oct 22 15:30:22 UTC 2005
On Sat, 22 Oct 2005, Chris Hunter spake:
> No. The underlying structure of Linux (and all the other Unix - based
> OSs) makes it an ideal OS for a hostile networked environment. It was
> originally designed as a multi-user, secure OS, unlike any of the MS
Well, I've used secure OSes, and Unix and derivatives just ain't it.
Putting SELinux on top makes it better, but the permissions granularity
and the group system are still way too low for the true utter paranoid.
(Of course, such secure OSes are horrible to actually *use*. Security
and usability may not normally be enemies, but they certainly are when
you get to the stage of forbidding repaints of one window when you drag
another over it lest you use those repainting messages as a covert
channel... I think it was Trusted Solaris 2.5.1 which came up with
*that* little gem.)
Windows is laughably *in*secure, but much of this is now the
applications' fault and the fault of components like IE's renderer that
many apps use: they refuse to run if they don't have write privs to the
world and its dog, they execute untrusted code...
Linux could have that problem today if popular apps on Linux had been
written by blithering short-termist fools with no understanding of
security --- except that it's unlikely that entire systems could be
compromised so easily, because we've already *got* a decent set of
default permissions, so not even the most idiotically written app
expects to be able to write to /usr/lib or /etc. MS is held back by apps
that *do* expect exactly that...
--
`"Gun-wielding recluse gunned down by local police" isn't the epitaph
I want. I am hoping for "Witnesses reported the sound up to two hundred
kilometers away" or "Last body part finally located".' --- James Nicoll
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list