Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-08-2003, 08:48 PM   #1
Registered: Jan 2003
Location: Seattle, Washington
Distribution: Red Hat, OpenBSD
Posts: 33

Rep: Reputation: 15
What would you say is the most basic Linux weakness

For instance if I was asked this of Windows 2000, I would answer that it is the annonymous authentication that is left on. Thus allowing a person to authenticate against the box with the use name and password of NULL. From there you are able to enumerate registry bits and SIDs and stuff.

Does Linux have a simple starting point that is commonly used like this?
Old 12-08-2003, 09:14 PM   #2
Registered: Aug 2003
Location: Trento, Italy
Distribution: Debian testing
Posts: 394

Rep: Reputation: 30
I'm not a security expert, but i think the greatest weakness by far resides in root's human error / lack of care.
A strictly admiistered linux system is MUCH safer than the average home box, where permissions and sudo config, just to name a couple, are set to allow the unprivileged user to mount anything.
People (including me) edit config files via try-and-error, and i even worked on a friend's machine whose root password was "hello"
Old 12-09-2003, 01:14 AM   #3
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
The biggest threat to a system is always administrators who don't understand it. Every OS has that in common. On Linux that manifests itself in weak root passwords, daemons that run as root, out of date software versions, etc.

The really isn't any one specific flaw, since "Linux" is not a complete system the way Windows or Solaris is. "Linux" does not come with software, it doesn't come with default file systems, it doesn't come with running daemons. "Linux" is just an OS kernel. The whole system is what you wrap around the kernel and that is different with every Linux distribution. There is no common set of daemons, there is no common file system layout, there's no consistent pattern of where to find things (specifically) or what user runs them. Because of this it's extremely difficult to write a Linux worm that is effective, because Linux as an OS is so fragmented into different "flavors" that one method won't work on all of them.
Old 12-09-2003, 05:15 AM   #4
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
Originally posted by chort
The biggest threat to a system is always administrators who don't understand it. Every OS has that in common. On Linux that manifests itself in weak root passwords, daemons that run as root, out of date software versions, etc.
I agree with this. However, different systems and default configurations make it easier or harder to get a secure system.

One way I think most new Linux distributions score over commercial UNIX and Windows is the extent to which they are reasonably secure out of the box. For example, Mandrake does not have lots of services enabled by default, has security scripts to run and report, complains if you enter a too simple password etc.

All of these are possible on the commercial UNIXs but tend to require more configuration; out of the box they are less secure.

In another way, though, Linux and UNIX can lend itself to insecurity. It is often too easy to do things which break security. On Linux/UNIX as root you can do pretty much anything by default. With a single command you can wreck the security of your box almost beyond recovery.

The AS/400 platform, for example, has a much more restrictive user interface (mainly menu driven) which makes making this sort of error more difficult. Other platforms have more granular security (i.e. different users can do different things, rather than one root user - you can implement this in Linux with some effort). At the far end of the spectrum, a device which doesn't allow you "root" access at all (e.g. your mobile phone) can prevent all but the most determined person from compromising their own security beyond what is already in the configuration (of course, you can do this with Linux too).

The trade off we have with Linux is that you get the power over your system, but with that comes higher than normal risk/responsibility as you have the power to do bad things as well as good. As usual, everything is about trade offs and the answer depends on the question - there is no one OS that's right for everything just as there's no one model of car which is right for everyone's driving needs.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Fatal weakness in Linux cov Linux - Software 71 07-05-2005 05:13 AM
BASIC for linux? davstin2002 Programming 5 01-23-2004 09:58 AM
Basic for linux ? xconspirisist Programming 8 10-18-2003 03:52 PM
BASIC on Linux isom3tric Programming 2 09-30-2003 09:03 PM
I'm a BASIC chap, looking for some info on BASIC programming CragStar Programming 2 01-21-2001 10:19 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:01 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration