Linux no longer foolproof?
January 22, 2001 9:35 AM
Linux no longer foolproof? And a smile descended upon Redmond...
The worm components then scan the global network for other Linux machines and upload the worm there if the "buffer overrun" attack is performed successfully.
It's called a worm because it self-propagates from machine to machine.
posted by plinth at 10:34 AM on January 22, 2001
CrayDrygu, many would argue that lack of knowledge on the user's part is no excuse for poor security. A system that is in such widespread use, that is *expected* to be run by people who don't know any better, *should* be secure. So personally, I blame RedHat. :-P
Does anyone know *why* they decided to install so many open services in their default install? It doesn't make much sense to me.
posted by whatnotever at 10:40 AM on January 22, 2001
These services and their activities are transparent. They're the sort of things that should be locked down by distributors. Even if they're not, not disabling them, or at least securing them properly, is proof positive that you shouldn't be running Linux until you read the Network Administrator's Guide.
(That said, I'd be worried about the BSD daemons running by default on OS X. One of the reasons why MacOS can be a decent server platform is that it's locked down by definition.)
posted by holgate at 11:10 AM on January 22, 2001
Just another example of why genetic diversity is A Good Thing.
posted by baylink at 11:31 AM on January 22, 2001
Is there any real Mac OS left (the OS9 and below kind) in OS X, or is it just total Unix with a neat-looking front-end? I mean, Mac OS has always been the most secure OS simply because it never had all those open services coded into it in the first place. But that's all out the window now, isn't it?
posted by aaron at 11:45 AM on January 22, 2001
Well, one could run one's Web server in Mac OS X's Classic "box" and turn off all BSD services, I guess.
posted by kindall at 11:50 AM on January 22, 2001
aaron: OS 9 runs in, like kindall said, a 'box'. Basically, the Classic environment is a separate application--a Mac emulator. (When you launch a Classic application for the first time in a session, the Classic 'box' has to boot up, just like a current Mac.) It just so happens that this emulator is running on the native PowerPC processor, so the speed hit is minimized.
As to security... well. Current builds of OS X have several ports open by default (and a portscanner is a standard system utility! l33t), but I really, really, really hope they default them to off for the consumer release.
posted by darukaru at 12:38 PM on January 22, 2001
A system that is in such widespread use, that is *expected* to be run by people who don't know any better, *should* be secure.
We still talking about Linux here? That's a good argument against the MS security model, but even in the common distributions Linux is still largely a do it yourself type of OS - a pretty poor choice for people that don't want to know/care what their OS is doing.
posted by willnot at 12:52 PM on January 22, 2001
If OSX is set up like the FreeBSD install I did (which I'm assuming that, for the most part, it will be) when I installed it, it was pretty barren. It wasn't quite as tight as OpenBSD, there were still a number of ports open, but for most services (like SMTP, telnet, FTP) I had to specifically alter the kernel or various configs to load them.
A general question that I just thought of. If there's no service listening on a port, is it vulnerable?
posted by cCranium at 2:19 PM on January 22, 2001
There are other issues here: wuftpd is a known problem --meaning not this particular exploit but its exploitability in general. RedHat ignored other alternatives that exist out there and installs (and activates) it by default. If you are going to choose a program prone to security holes because it is the standard one, don't enable it by default; put wuftpd in the distro but enable a competitor by default: everybody's happy.
Problem of course is, RH doesn't want to *support* multiple ftp servers --which is their right. However, because of that you just lost an advantage of open source, i.e. the ability to pick a competitor component instead of going with another one for economic reasons.
If you take this argument to its logical conclusion you *may* conclude that an OSS *vendor* is subject to the same technology lock-in as a commercial software vendor --e.g. Microsoft has the same issues with dumping a component and replacing it with another (support and maintenance costs, besides development). However, an OSS vendor does not have the financial resources to facilitate a speedier technology change and, more importantly, is relying on outside human resources to develop this technology. In other words, if you're stuck with a piece of OSS that is un-sexy to compete with (BIND comes to mind) you will be stuck with it for a long time.
Can RH pay people to develop another ftpd? yes. Can they afford to? probably not.
posted by costas at 2:20 PM on January 22, 2001
Exactly. Neal Stephenson compared Unix to the Hole Hawg drill in his "In the Beginning was the Command Line":
The Hole Hawg is dangerous because it does exactly what you tell it to. It is not bound by the physical limitations that are inherent in a cheap drill, and neither is it limited by safety interlocks that might be built into a homeowner's product by a liability-conscious manufacturer. The danger lies not in the machine itself but in the user's failure to envision the full consequences of the instructions he gives to it.
posted by holgate at 2:20 PM on January 22, 2001
costas: they don't need to. More reputable distributions, such as Debian, already switched to the OpenBSD ftpd.
posted by holgate at 2:22 PM on January 22, 2001
If there's no service listening on a port, is it vulnerable?
Generally speaking, no. It is conceivable that a particular networking stack might have an exploitable bug that involved a port with no service listening in a denial-of-service attack, but that's pretty rare considering how hard most TCP implementations have been beat on over the years.
posted by kindall at 4:21 PM on January 22, 2001
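An added example, not part of the original thread: kindall's answer and the complaints about services enabled by default both come down to which sockets are actually in the LISTEN state. The Python code below parses Linux's /proc/net/tcp format and flags network-reachable listeners outside an allowlist; the sample table, the allowlist and the function names are constructed for illustration, and IPv4 on a little-endian host is assumed.

```python
"""Audit listening TCP sockets against an allowlist (added example)."""
import os
import socket
import struct

TCP_LISTEN = 0x0A  # state code the kernel prints for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host):
# ftp, ssh and telnet bound to all interfaces, smtp bound to loopback only,
# and one established ssh connection that must not be reported as a listener.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1005
"""

def listeners(proc_net_tcp_text):
    """Return (ip, port) pairs for sockets in LISTEN state, sorted by port."""
    found = set()
    for line in proc_net_tcp_text.splitlines():
        fields = line.split()
        # Data rows start with an index such as "0:"; this skips the header.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if int(fields[3], 16) != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is a host-order u32 printed in hex (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.add((ip, int(hex_port, 16)))
    return sorted(found, key=lambda pair: (pair[1], pair[0]))

def unexpected(found, allowed_ports):
    """Listeners reachable from the network whose port is not allowlisted."""
    return [(ip, port) for ip, port in found
            if not ip.startswith("127.") and port not in allowed_ports]

if __name__ == "__main__":
    path = "/proc/net/tcp"  # falls back to the constructed sample off Linux
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for ip, port in unexpected(listeners(text), allowed_ports={22}):
        print(f"unexpected listener: {ip}:{port}")
```

A port that does not appear in the listener set has no service attached to it, which is the case the answer above describes as generally not vulnerable.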
To respond to the headline, as an experienced design engineer I can tell you truly that nothing is foolproof. We engineers have two sayings about that.
1. "You can't make something foolproof because fools are so ingenious."
2. "Every time you make something foolproof, they invent a better fool."
posted by Steven Den Beste at 5:36 PM on January 22, 2001
kindall, that's what I figured, it only seems logical to me.
I can understand OS creators wanting simplicity and easy setups, but I can't understand why they don't at least make users turn services on somewhere.
I expect an out-of-the-box installation to be pretty minimal (security through obscurity can ease a lot of problems), but then I guess there's a reason I've been doing custom installs of all my software for a number of years now.
posted by cCranium at 5:41 PM on January 22, 2001
Hmm. I didn't expect the Hole Hawg to look exactly like that (given Mr Stephenson's description). I take it that "In the Beginning was the Command line" is still under copyright and that if I did have a link to an e-text version of it (and I'm not saying that I do) that it would be wrong and evil of me to post that link.
posted by davidgentle at 8:06 PM on January 22, 2001
Same here. It still looks like one hell of a drill. Wonder if they make 240V models?
posted by holgate at 7:11 AM on January 23, 2001
For Pete's sake, you can download the whole frickin' essay from Stephenson's own site, although I'm disappointed that there doesn't seem to be a .gz version. And thus I have no qualms about linking the e-text or how to find it.
posted by harmful at 7:20 AM on January 23, 2001
posted by bkdelong at 10:18 AM on January 22, 2001