Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello. I'm a young computer hobbyist and I would like to get involved with computer security. I am famiiar with the basic concepts, C programming and I'm currently studying x86 assembly.
I have doubts regarding what operating system to learn and later perform security research/dev. Personally I'm a fan of the FreeBSD system which has incompareably less users than Linux Distributions.
I'd like to ask any person involved in vuln-dev viewing this thread if the popularity difference between Linux and FBSD is very important from a sec-research/devel point of view.
Let me explain. Although much of the 3rd party software available for Linux is also available for FBSD, probably many (most?) bugs are only exploitable on one system and not exploitable on the other (please tell me if this is correct from your experience). So, considering these bugs which are operating-system dependant, a new Linux-oriented bug/poc would affect therefor interest more people than a FBSD-oriented one ..?
On the other hand .. the availability of Linux POC is significantly higher than that of FBSD .. so .. would a FBSD bug/poc be of higher "significance" ?
*** Note: If I'm wrong, and most bugs are "system-independant" (let's say Linux/FBSD) .. (i.e. a bug affecting software X under Linux will in most cases also affect software X under FBSD) .. please tell me .. and also I would appreciate it if I'd know if a POC designed for Linux would have to undergo significant changes to be "ported" (i.e. work against) FBSD (I know it depends on the bug, method of exploitation etc. .. but I'm looking for a "statistical view", i.e.: "most poc against linux require little to no modif to work against fbsd" .. or the contrary..)
It really depends how you want to approach this.
The most security-minded OS is probably OpenBSD. Not many users at all, but focused just on security and vulnerability prevention. If I studied security, this would be the one OS I'd look into. You'll learn a lot there.
I'm not trying to learn from the operating system secure coding practices.
I'm asking:
#1. Are most 3rd party bugs exploitable both on Linux and on FreeBSD (or NetBSD or whatever)?
#2. If answer to question #1. is "NO" .. then for a security "expert" seeking fame, what would get him there faster: PoC for FBSD or PoC for Linux .. or both will do just as good..
#3. If the answer to question #1 is "YES" .. how much modification would a PoC for FBSD need to work against Linux ? (statistically speaking .. "a lot" / "little to nothing")
I hope this makes things clearer, thank you for the reply however
#1 -> if they are OS exploits, probably not; if they are application exploits, I think so
#2 -> If you seek fame, crack OpenBSD. OpenBSD claims "Only one remote hole in the default install, in more than 8 years!". No other OS has this AFAIK.
#3 -> again, if it's an application exploit, probably none most of the time
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.