[oclug]Linux too hard?
rgfranks at alumni.uwaterloo.ca
Sun Nov 24 21:50:58 EST 2002
>>>>> "Shad" == Shad Young <shad.young at sympatico.ca> writes:
Shad> Actually, Phil, Linux/GNU is based on UNIX and Unix wasn't
Shad> really designed with security in mind. (do a search for UNIX
Shad> security and history to see what I'm talking about) UNIX's
Shad> of any flavor had a hell of a lot of work to do to get
Shad> secure. Please recall the original Internet worm was
Shad> prolific because security was so lax. Linux has the benefit
Shad> of being developed post Internet, when these issues were
Shad> becoming more serious.
Au contraire. Unix was designed from day one with security in mind as
it was designed to be multi-user from day one. One didn't want to
have somebody elses errant programs wiping out ones work. Contrast
this with windoze, which sort of added multi-tasking on top of a
program loader (Win 3.1). M$ is still trying to fix that one.
Further, using `C' as a programming language probably didn't help
either, as one has to to be very careful to avoid the dreaded buffer
overrun. Regrettably, the number of really good C programmers isn't
that high. And, at the time that Unix was developed, things like
Insight/Valgrind/Purify didn't exist. The C library certainly didn't
help here either (man getstr(), scanf(), etc...). Note that the
Morris worm was a classic stack overrun.
Now, I will admit that Unix never had the security goals of something
like Multics or GCOS or MVS. But then again, Unix could run on a
PDP-11 (16 bit address space, 128 K Bytes of total memory if you
splurged on split I and D). Networking everthing under the sun hasn't
helped either. If you really want to be secure, don't connect your
computer to the outside world.
__@ Greg Franks <| _~@ __O
_`\<,_ Ottawa, Ontario, Canada |O\ -^\<;^\<,
(*)/ (*) (*)--(*)%---/(*)
"Where do you want to go today?" Outside.
More information about the OCLUG