LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-09-2012, 04:43 AM   #1
narin1975
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Rep: Reputation: Disabled
GUI and security


Someone told me that installing linux on the server without the graphical interface components will help secure the system.

I am curious to know why the graphical components can add security risk to the system?

Narin
 
Old 11-09-2012, 04:52 AM   #2
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728
Disclosure: I'm no expert at computer security.

Assuming that we define security as simply blocking unauthorized users, then I don't see how there would be an issue. I think the real issue comes with all the ways to manipulate programs to do bad things (without ever actually logging on the the system). In these cases, I'd assume that less installed SW (GUI or otherwise) would result in higher security.

Quote:
Someone told me...
Ask them why....
 
Old 11-09-2012, 05:30 AM   #3
narin1975
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
their answers seem to be as what you said:-)
 
Old 11-09-2012, 09:44 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,492
Blog Entries: 54

Rep: Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908
Quote:
Originally Posted by narin1975 View Post
why the graphical components can add security risk to the system?
There's a few ways to approach such a question:
0. The first would be to look for the reason one would want a graphical server in the first place. Often this stems from a lack of basic Linux knowledge (let's leave out the sheer lazy, the criminally irresponsible and those who actually know what they're doing). Basic familiarity (sure some tasks may require a GUI) with "doing things the Linux way" gained by reading and practicing alleviates the need for a GUI in the first place.
1. Secondly one of the basic rules tells you to only install what software you need right now. Practically speaking this minimizes time spent on maintenance (having to configure users and software, check for security fixes, etc, etc.) and it minimizes exposure. Simply put if the network port isn't accessible it can't be accessed, if the process isn't running it can not be subverted and if the software isn't installed then no user can fsck it up exploit it.
2. The third one is to look at the effect of having and running a graphical server. In its simplest incarnation the "graphical interface components" you talk of require an Xserver, its extensions, low level functionality, graphical and other libraries and drivers, a font server, a Window Manager (WM) and X-capable utilities. If you perform a standard installation of a mainstream Linux distribution you get on top of that a complete Desktop Environment (DE) including a graphical Display Manager (DM), File Manager (FM), multi-media and other utilities plus their supporting binaries and libraries. Apart from the expanded footprint such an installation offers, running the Xserver itself poses problems in the way its drivers (ab)use memory and manipulates devices ('man ioctl') to get things to work, a DM may listen to the network for connections, a WM or FM may come with "features" that can be abused (say autorun settings). And that's just the tip of the iceberg.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Linux Security Circus: On GUI isolation LXer Syndicated Linux News 0 04-24-2011 02:20 PM
Secure Debian-based with GUI distribution? Security reading material (e-versions)? computer_freak_8 Linux - Distributions 10 08-12-2009 12:12 PM
Writing GUI front-ends: what language + what GUI library? pear Programming 7 07-07-2008 08:17 AM
GNU/Linux GUI Security Suite gashgordon Linux - Security 24 09-23-2007 01:46 AM
GUI login, security hole Darin Linux - Security 2 01-30-2003 01:27 PM


All times are GMT -5. The time now is 10:57 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration