LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-08-2003, 07:48 PM   #1
wayloud
Member
 
Registered: Jan 2003
Location: Seattle, Washington
Distribution: Red Hat, OpenBSD
Posts: 33

Rep: Reputation: 15
What would you say is the most basic Linux weakness


For instance if I was asked this of Windows 2000, I would answer that it is the annonymous authentication that is left on. Thus allowing a person to authenticate against the box with the use name and password of NULL. From there you are able to enumerate registry bits and SIDs and stuff.

Does Linux have a simple starting point that is commonly used like this?
 
Old 12-08-2003, 08:14 PM   #2
ac1980
Member
 
Registered: Aug 2003
Location: Trento, Italy
Distribution: Debian testing
Posts: 394

Rep: Reputation: 30
I'm not a security expert, but i think the greatest weakness by far resides in root's human error / lack of care.
A strictly admiistered linux system is MUCH safer than the average home box, where permissions and sudo config, just to name a couple, are set to allow the unprivileged user to mount anything.
People (including me) edit config files via try-and-error, and i even worked on a friend's machine whose root password was "hello"
 
Old 12-09-2003, 12:14 AM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
The biggest threat to a system is always administrators who don't understand it. Every OS has that in common. On Linux that manifests itself in weak root passwords, daemons that run as root, out of date software versions, etc.

The really isn't any one specific flaw, since "Linux" is not a complete system the way Windows or Solaris is. "Linux" does not come with software, it doesn't come with default file systems, it doesn't come with running daemons. "Linux" is just an OS kernel. The whole system is what you wrap around the kernel and that is different with every Linux distribution. There is no common set of daemons, there is no common file system layout, there's no consistent pattern of where to find things (specifically) or what user runs them. Because of this it's extremely difficult to write a Linux worm that is effective, because Linux as an OS is so fragmented into different "flavors" that one method won't work on all of them.
 
Old 12-09-2003, 04:15 AM   #4
iainr
Member
 
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
Quote:
Originally posted by chort
The biggest threat to a system is always administrators who don't understand it. Every OS has that in common. On Linux that manifests itself in weak root passwords, daemons that run as root, out of date software versions, etc.
I agree with this. However, different systems and default configurations make it easier or harder to get a secure system.

One way I think most new Linux distributions score over commercial UNIX and Windows is the extent to which they are reasonably secure out of the box. For example, Mandrake does not have lots of services enabled by default, has security scripts to run and report, complains if you enter a too simple password etc.

All of these are possible on the commercial UNIXs but tend to require more configuration; out of the box they are less secure.

In another way, though, Linux and UNIX can lend itself to insecurity. It is often too easy to do things which break security. On Linux/UNIX as root you can do pretty much anything by default. With a single command you can wreck the security of your box almost beyond recovery.

The AS/400 platform, for example, has a much more restrictive user interface (mainly menu driven) which makes making this sort of error more difficult. Other platforms have more granular security (i.e. different users can do different things, rather than one root user - you can implement this in Linux with some effort). At the far end of the spectrum, a device which doesn't allow you "root" access at all (e.g. your mobile phone) can prevent all but the most determined person from compromising their own security beyond what is already in the configuration (of course, you can do this with Linux too).

The trade off we have with Linux is that you get the power over your system, but with that comes higher than normal risk/responsibility as you have the power to do bad things as well as good. As usual, everything is about trade offs and the answer depends on the question - there is no one OS that's right for everything just as there's no one model of car which is right for everyone's driving needs.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fatal weakness in Linux cov Linux - Software 71 07-05-2005 04:13 AM
BASIC for linux? davstin2002 Programming 5 01-23-2004 08:58 AM
Basic for linux ? xconspirisist Programming 8 10-18-2003 02:52 PM
BASIC on Linux isom3tric Programming 2 09-30-2003 08:03 PM
I'm a BASIC chap, looking for some info on BASIC programming CragStar Programming 2 01-21-2001 09:19 AM


All times are GMT -5. The time now is 01:34 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration