Reflecting on Linux Security in 2003
LogError writes "Here's a look at some interesting happenings with Linux security in 2003 with comments by Bob Toxen (one of the 162 recognized developers of Berkeley UNIX and author of "Real World Linux Security") and Marcel Gagne (President of Salmar Consulting, Inc. and author of "Linux System Administration - A User's Guide" and "Moving to Linux")."
> Apparently you missed that story last month regarding the hack which exploited a Kernel bug. This affected ALL distros, since it was a kernel exploit.
No, I *didn't* miss it. I'm on the BugTraq mailing list.
> Also, the page for Windows doesn't just list OS components either. So, as far as Security Tracker goes, it IS apples to apples.
Without a direct comparison of the number of exploits for code that comes with the OS for both systems your statement is speculative at best.
> One can also argue that IIS is not really a Windows component, since it is an optional service.
Baloney. IIS comes on every Windows CD-ROM and is used by lots of Microsoft apps. And there's plenty of bugs that cross boundaries thanks to Microsoft's blurring the distinction between OS and application...like that WebDAV bug in ntdll.dll that was exploitable via IIS.
> But that's the way they organize their site. If you don't like it, talk to Security Tracker; I'm sure they would be happy to hear from you!
Don't blame Security Tracker for the deficiencies in your analysis!
> Mmm, your close. More correct would be:
:p
Once again:
Your == possessive form of 'you'
You're == YOU ARE
You STUPID, fucking, illiterate American.