The distro I use is MX-16.1 Linux, which is systemd-free. For those of you who have systemd, here are vulnerabilities you should be aware of: https://www.youtube.com/watch?v=rGWCWgomQp4
The key section is "pre-systemD user groups". Notice you now have to either give all 9 privileges whereas pre-SD we could assign them individually. That's a loss of power and can be exploited.
I'm using Arch and considering Slackware to support the divergence from Systemd. I'll check into MX-16.1 as well now. Thanx for that.
I am interested in any more info you've got if you could type it out or link to a reputable text. Movies are so slow. Text lets me scan to what I need and get on with it. Tubes seem more suited to cat vids.
I'll now check into this MX flavour. Sounds interesting.
I found this article some time back, and although that particular exploit is sorted, he goes into some detail as to why PID 1 should do one thing and one thing only... not stuff around trying to do everything including the kitchen sink with hundreds of processes hanging off it.
From the article by Andrew Ayer: "The Linux ecosystem has fallen behind other operating systems in writing secure and robust software. While Microsoft was hardening Windows and Apple was developing iOS, open source software became complacent." This makes me laugh. "Microsoft was hardening Windows" is laughable. Windows has more back doors than a brothel and Windows 10 is spyware/malware. And Apple with their key logger is hardening? LOL
Heh yeah I did notice that - I might have to steal your phrase "more back doors than a brothel", it has a bit more kick to it than my "more holes than Swiss cheese". On the whole though, his key points are still valid.
Name your source. As of today, Windows and OpenBSD are the two mainstream operating systems with the most exploit mitigation techniques enabled by default, with Microsoft having an official tool (EMET) to enable the rest. The Linux kernel team does not do that, and only the laughable security of macOS prevents the Linux kernel from being the most dangerous mainstream operating system kernel.
Granted, all relevant operating systems allow their users to execute malware (e.g. JavaScript malware in today's browsers).
My source is in the first post which you failed to read. What do Microsoft and Apple have to do with systemd?
You said, Windows had a large number of backdoors. The first post doesn't say that. I did not know that asking for a source is "trolling". I thought you were an anti-Windows troll instead.
Sorry for any misunderstanding.
If you're serious and not just trolling then you seem to have been missing a lot of high profile news from recent years regarding Windoze holes being used as backdoors. People at random find out about the holes, criminal groups find out about the holes, government agencies find out about the holes, and, eventually, M$ privately acknowledges the holes but refuses to patch until either of the first two groups get too high profile in their exploitation of said holes. Only when a patch is ready does M$ even acknowledge the holes. Sadly the patches often do not work and/or break something else.
systemd adds so much complexity and failure that the same approach could conceivably be taken with systemd/Linux systems.
For sources on that style of backdoor, news from Wikileaks Vault 7 and active exploits developed for known Windoze holes, like EternalBlue, would be a good place to start.
Last edited by Turbocapitalist; 07-20-2017 at 10:50 PM.
You did notice that Vault 7 included a good number of Linux backdoors as well, right?
Yes, but what is missing on the Linux side is the collaboration to encourage agencies to exploit the holes while months or years pass by before the vendor fixes them.
They, legally, don't have to ask the vendor for permission as US-American companies are required to help their agencies. Including Red Hat and Google, that is.