Army Dumps NT as Web Server, Moves to Mac
kootch writes "This sounded too funny to believe, but I think it's true. The US Army, after being the victim of a script baby and having their web pages vandalized, has moved their site from an NT box to a Mac box running WebStar as their server software. Don't believe me? Go here!"
(Disclaimer: Apple folks, I have a moral obligation to tweak macs. I grew up with an Apple IIgs.)
Ah, yes. There's nothing like a brick wall to prevent someone from breaking the lock.
MacOS actually gets some bonuses from its, uh, quaintly anachronistic operating system tendencies. (This is not a flame. I think it's cute to tell an application how much memory it gets. See disclaimer. Tweak. Tweak.) For example, the fact that the entire OS is really built to communicate over Appletalk instead of TCP/IP means there's absolutely *nothing* open by default for abuse on the general Internet.
Those who remember these kinds of things will note that *the* definitive, original WinNuke was a bug in the TCP handling of an "Out Of Band" packet sent to port 139 on a Windows box. Open door. Boom.
As much as I love Linux, there are more open ports in your standard issue distribution than you're likely to find in an average brothel. Unix in general is hooked into TCP/IP addiction on a practically native level.
The speed on the mac might not be great. The stability probably won't be perfect, but who knows. With much less embedded functionality, there's Just Less To Break.
"We here at the US Army know that the most secure computer is the one that isn't plugged in. We use the next best thing."
Yours Truly,
Dan "Must Never Post When He's This Tired" Kaminsky
DoxPara "Will Have No Memory Of This Post" Research
http://haveasenseofhumor.www.doxpara.com
Once you pull the pin, Mr. Grenade is no longer your friend.
the article says:
yes, the macOS has no 'root' or shell-type access, and, by itself, is arguably one of the most secure platforms available, if only for the same reason that it is one of the most virus-immune - very few hackers, crackers, or virus writers use macs (despite all the movies like 'hackers' and 'the net')
and, by that same token, any web server just serving up http and ftp is fairly secure. adding on all the other services, and opening up ports to who-knows-what is asking for trouble. simpler is better. and a mac as a webserver is a very simple solution.
since when has the w3c been in the business of security surveys? oh well.. they're right on a few accounts, but may not be totally up to speed on the software they're talking about. the mailing lists are/have been alive with reports and fixes for security holes in open transport, os8, webstar, and all the various plugins that come along with it.
if i were choosing the most secure server for the mac, however, i would have gone with webten, an apache-based port by tenon, over webstar (if one were to go with a commercial package). it's fast, reliable, and simple - no fluff. the latest issue of webstar folds in all kinds of services that are unnecessary, and have proven to be security risks in the past. my sites are running on webstar 3, but that's because of how easy it is to add new domains and administer/monitor.
the press-release tells us the mac 'does not allow remote logins'. well, if you open it up via appleshare or install timbuktu it does. even if you don't, and you stick entirely to the webstar package, you get lasso (database), a pop/smtp mail server, proxy server, ftp server, and remote admin tools by default.
i expect the army has disabled lasso - as it has been shown to be a gaping hole in previous, standalone releases - and probably use a dedicated mail server, proxy, etc., but the main webstar server cannot be administered without either a separate admin tool (which can be run locally or remotely via tcp/ip) or web-based admin, whose security is, in my experience, pretty easy to get around.
all that aside, the mac makes an excellent web server. pare down the software to the essentials, give it plenty of RAM and a steady power supply, and it should be happy and stay that way for a good while.
as for apple's PR picking this up, i think they would prefer it if the army had chosen osX server with apache, since os8.x is not really a server product.
- Entertaining Bits from the Ancient Kernel Tree
I'm usually very calm and collected in this sort of situation, but I just can't hold it back.
OPEN YOUR SMURFING MINDS!!!!!!
All this "haha, web server on a Mac" crap is really getting to me. This place is so Linux-bigoted that it simply amazes me. You don't bother to find any facts or think about the situation at all. If you did, you would realize that Macs are the most secure mainstream web server available for this sort of task. Sure, they may not perform nearly as well as Apache et al, but how are you going to hack a box that has no facilities, no conception, of remote administration or control?
Sure it'll be slow, but good luck breaking in without actually sitting down in front of the thing.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
without ever having to worry about someone getting root.
Yeah, you don't have to worry about someone getting root, because once they're on the box, they *are* root. They can delete the system folder, install software, anything. I bet there's no sandbox for CGI either - one buffer overrun and you can trash the operating system.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
Keep in mind that we're talking about a government web site. That means no ads. Hence, there's not going to be nearly so much dynamic content. With static web pages, the server doesn't need to do nearly as much work. I remember back in 1995 when www.dartmouth.edu came to life on a Mac, and stayed that way for a year or two.
Now the problems you're likely to see are when a server gets /.ed. Then the network isn't the issue--it's saturated with incoming requests, so forget about outgoing data. The server then has request after request queueing up. So how large can that queue get before problems show up? Will the software gracefully drop connections, or will the OS crash when some number of active connections is exceeded? Will the web server run out of memory and crash?
It looks like www.army.mil is learning about /. right now.
This news gives a little more meaning to Apple's G4 commercial about a group of tanks defending the G4 box. Does this mean Apple will announce a new color, "Army Green?"
-Vel
There are various programs (Like folderbolt) that "lock" files and folders (directories in Unix speak)...even entire disks. Like with Unix, you can attribute different levels of access...deny all, read only, write only, etc.
To kick it to the next level, every directory or file can have its own password. Once you are in on a Unix box as root, you have the keys to the candy store.
So if a wily cracker were able to take advantage of a mythical overflow, and by some miracle managed to upload executable code, when it tries to modify the read-only files, the system will prompt for a password. Receiving none, it trips all sorts of alarms.
Some of these security programs can also encrypt/decrypt on the fly.
So, the MacOS, alone, is more secure than all but the most carefully audited Unix box. Add something like folderbolt, and security is no longer an issue...even for the Army.
SoupIsGood Food
That's a heck of a weird theory. On a single-user system, *everything* runs as root.
I've used WebStar and Pictorius before on a Mac (prefer the latter, myself), and it's not half bad as a web server, but I wouldn't put anything stressful on 'em, as I'd be afraid of stability problems.
Remember, Apple was the last big OS vendor to fix the ping-o-death problem (took 'em until MacOS 8).
--
Interested in XFMail? New XFMail home page
"open source software, on the other hand, allows you to check the source yourself (eg, grep strcpy *.c) and quickly fix known bugs. "
:-)
Um, it's the unknown bugs that are the problem. Making source available does not always result in fewer bugs. At all. There are plenty of rock solid closed applications, and plenty of flakey open source applications*. People who want stability go with stable software, wherever it is from.
The fact that there are fewer crackers or scripts targeting Mac OS does not make Mac OS more secure - but it makes it much less likely to be compromised.
In real life (i.e. the time spent earning your rent/mortgage), running a web site that is unlikely to be hacked is often more useful than running a theoretically more secure one that is likely to be hacked.
*If you really don't believe this, email me for a list
-----
Most computers are more than powerful enough to flood a T1. I am sure the of has plenty of horsepower.
As for security. Most of the apple web servers use Apple's fairly old ACL per directory for file sharing. The permissions are secure and have stood up to time. As far as connecting to the file system from remote if you use another Mac it does indeed encrypt the passwd.
The Mac has very limited functionality for networking built in on MacOS, this makes it more secure. Apple fixed the TCP/IP large packet bug back in 1995. The current IP stack is fairly fast and based on the System V stream type TCP/IP stack.
Most of the Apple web site security issues have been from Filemaker integration. Filemaker is a GUI DB for MacOS (it has issues).
One of the other advantages to not having any console based applications, no concept of standard in and standard out, is if you do run an application on the Mac it doesn't do anything useful. Also MacOS doesn't have any sensible kind of IPC or RPC support so even if you can compromise a single application it is extremely difficult to get to the operating system or another application.
If you did use Perl, your perl scripts need to be safe. But again on a Mac, there is no plain text file that you could grab security information.
OpenBSD could be made equally secure, but it would take lots of customization and intelligence about it, the Mac is VERY high security for default configuration. Though flexibility is an issue with Macs.
"His[Mankind's] heaven is like himself: strange, interesting, astonishing, grotesque." -Satan "Letters From Earth" Mar
Macs make secure web servers because they don't have anything to exploit. How the hell are you going to exploit something that has NOTHING listening to the network except an HTTPD listening to port 80, delivering a static page. About the only thing you could try is a DoS attack. *NIX boxen usually have 50 daemons running, and often crazy protocols like NIS that make them wide open to attack. WebStar is a solid HTTPD, too. Despite the comments here about Mac OS stability, the fact of the matter is that most of the problems with it are due to lack of memory protection. If you are running a solid application that doesn't have memory leaks and wild hair pointers, it can be very stable. I ran a Mac OS server with AppleShare on a UPS that had an uptime of 3 YEARS. That is stability as good as you can get on any system. In reality no server is any better than the stability of the network applications it runs and the OS, and the fact of the matter is if you are careful you can find good Mac OS versions and good applications. Mac hardware was generally better engineered than the PC equivalent (lack of cost pressure I guess) so you had that going for you too. One writer here mentioned Mac OS on a 7100. THAT IS A VERY BAD COMBINATION. The 7100 is a kludge, being the first PPC Mac pasted onto an old Nubus architecture. The Mac OS of the same period had a very crufty emulator as well, and the pair really were unstable. But not all Macs are that way....
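Added example, not part of any comment in this thread: the recurring argument above (open ports in a default distribution versus "nothing listening except an HTTPD on port 80") can be checked on a Linux host by reading the kernel's listening-socket table. The sample table is constructed, the function names are hypothetical, the allowed-port set `{80}` is an assumption, and only IPv4 on a little-endian machine is handled.

```python
import socket
import struct

# Constructed sample in the layout of Linux /proc/net/tcp (not taken from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001 1
   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10002 1
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10003 1
   3: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10004 1
   4: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 10005 1
"""

TCP_LISTEN = 0x0A  # kernel state code for a socket in LISTEN


def decode_endpoint(field):
    """Turn 'AABBCCDD:PPPP' into (dotted_ip, port).

    The address is a 32-bit value printed in host byte order
    (little-endian assumed here); the port is plain hex.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return (ip, port, uid) for every row whose state is LISTEN."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue  # short row, or an established/closing connection
        ip, port = decode_endpoint(cols[1])
        found.append((ip, port, int(cols[7])))  # column 7 is the owning uid
    return found


def unexpected_listeners(table_text, allowed_ports):
    """Listeners reachable from the network that are not on the allow-list.

    Loopback-only listeners are ignored because remote hosts cannot reach them.
    """
    return sorted(
        (ip, port, uid)
        for ip, port, uid in listening_sockets(table_text)
        if not ip.startswith("127.") and port not in allowed_ports
    )


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP  # fall back to the constructed sample
    for ip, port, uid in unexpected_listeners(table, {80}):
        print(f"unexpected listener {ip}:{port} (uid {uid})")
```

With the constructed sample, the telnet (23) and portmapper (111) listeners are reported, while port 80 and the loopback-only port 631 are not.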
AFAIK if they are using Webstar they must be running MacOS 8.x, not MacOS X server as some previous comments suggested.
In the June 1999 issue of MacTech Magazine there was an interview with Chuck Shotton. He is the guy who created, in 93, the first Mac http server MacHTTP, which later became Webstar.
In the interview he explains how they made Webstar into a high-performance web server. To summarize:
a) use of caching to avoid hitting on the dog slow MacOS filesystem
b) optimizations to have the right balance between I/O time and calculation/processing time
c) taking advantage of the MacOS thread manager and the fact the MacOS 8.x is NOT a preemptive multitasked OS.
c) will sound odd to most; what they do is that since the app has control over the preemption (rather than the OS) they use that advantage to minimize the number of context switches, etc. i.e. they have their own highly tuned and specific scheduler rather than relying on the generic scheduler of the OS.
This is pretty cool on a dedicated MacOS box that just does web serving.
As for MacOS crashing, my router is running MacOS 8.6, it has been up & running nicely since I last booted it, one month ago; it has never crashed so far.
Note: I'm not saying MacOS is the best, fastest and most stable OS out there; just that for some applications a Mac can be stable and fast plenty.
As far as security goes, since you can't remotely login on a Mac and since there is no shell, you don't have any risk of someone exploiting some buffer overflow bug or remotely using the box. (Note tho that you could add software to control your Mac remotely, like Timbuktu or VNC, but then you are taking risks, as on any other OS with such means.)
Just my $0.02
Janus
I've been reading the replies to this article and I have to say I am simply *astounded* by the ignorance towards the Mac and MacOS that I have read.
I logged onto the Army site and it came up really fast. It was not Slashdotted as many other sites get after being listed on Slashdot. One ignorant reader even jumped to blame the MacOS because he was not able to get onto the site. I've got news for that person, there are many reasons *you* can't reach the site, the most likely is that the problem is the connection between your client machine and the server. Also, does that same reader blame Linux when Slashdot had all the frequent downtime not too long ago?
Another reader mentioned that the server probably cost "1000s" of times what their (certainly hypothetical) presumably Linux server would cost. When is the last time he/she shopped for a Mac? I've got news for you, Macs use all the same components as PCs these days and cost about the same for a *comparable quality* PC. Apple simply chooses higher quality parts than the crappy machines one can buy at CompUSA and, worse, Circuit City. Oh let me guess, that person is going to "put together" their own hand built machine. Good for you, I just wouldn't want to be the poor sap who has to maintain your little computer project when it has a hardware problem. I mean who would I call for customer support? You? Give me a break. You just want an excuse to bill your client.
Then there's the *cost* of maintenance. The Mac server will be configure and forget. Configuration will take about 15 minutes. Let's use a 14 year old boy who can do it at minimum wage, that's about $1 for his time. Now a Linux server is going to take, what, all day, to configure with security. At $100+/hr that's about $800 setup fee. Oh and what happens when your Linux server gets cracked because you didn't hire the supreme Linux security gurus (for much more $/hr) - or the latest security flaw of the month in Unix is discovered? That costs money to fix too.
And then there's the people who think the Mac needs to be re-booted once a week. That was about 5 years ago with MacOS 7.6. Today's Macs with MacOS 8.6 will probably need to be re-booted only when replacing the hard drive or an extended power failure. No, the memory is not protected, but at least the web page is from crackers.
It's not like the Mac does not have protected memory. Apple makes a server OS called MacOS X Server and it does. But it also has the underlying security issues because it is based on Unix. The (wise) managers don't want to have to deal with crackers - Get it?
To all you Linux bigots, I hope you don't break your arms patting yourselves on the back for putting down the Mac server. The Army's Mac is running great and makes a great web server. To Roblimo I have to say that the only thing that is funny is the attitude that Linux is superior to all OSes for everything. Some of us just want the job done and don't need to show our "superior" computer skills because we understand a CLI and our manager does not. Enjoy yourselves in your hacking, I've got work to do!
everyone keeps saying "use linux, not a mac". macs are hardware, linux is software; so that statement makes no sense. as for me, i run linux on a mac.
This is absurd. There's much more to security than whether the system includes a command line. Someone argued that a single-user system is more secure than a multiuser system because it has no root account. That's a complete crock. The MacOS (pre-OS-X) has no memory protection to speak of. So *every* program runs with what amounts to "root" privileges.
If you exploit a buffer overflow in Apache on a multiuser system you end up with access restricted to whatever user the daemon is running as. But if there is a buffer overflow in Webstar or any scripts it calls on the Mac, then exploiting it gives you root-level access to the entire system. Sure, you have to do something more clever than just spawning a /bin/sh, but, hell, if you can run arbitrary code with operator-level access I'm sure you can think of something. One more reason why designing a system for multiuser access from the beginning is simply a Good Thing, whatever the disingenuous claims of MacOS apologists.
security through obscurity == no security
that is, if you rely on the intruders' ignorance as your primary line of defense, you are completely screwed the moment you encounter an intruder whose knowledge includes information about the holes in your system.
much better to have a system whose exploitabilities are known and repairable than to have a system whose holes are unknown and unrepairable.
A lot of posts here are calling for a Linux/Apache solution to the Army's problem. Ahem... [[stepping on soap box]]
Keep in mind what these army folks were looking for: a secure, virtually administration-free, relatively stable webserver that is resistant to remote attacks. For that application, a Mac server makes sense.
Why didn't they choose *nix? The admins probably aren't big tech heads, and the fact that several flavors of UNIX are free probably scared off their superiors anyway. But for this application (remember, they're concerned with remote attacks) I'd say MacOS is definitely more secure for a couple of reasons:
- No shell, thus no root shell (duh!)
- The lack of publicly known kernel knowledge (has anyone even tried hacking a Mac?)
- Not multi-user
- No remote access
My point is, thinking Linux is the correct OS for every application (and advocating it that way) is just plain naive.
--Mid
.. in "Practical Unix and Internet Security" (the Safe Book, IIRC) that use of the Mac is preferred, though he was referring not to OS X (since it didn't exist yet) but the regular MacOS. His theory is that the single-user system is tighter without a root account, and you can tighten things down without ever having to worry about someone getting root. Not sure I can totally buy it. It's in the index somewhere, I forgot the page reference and I'm not sure where my copy is right this second...
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
So any knowledgeable hackers want to enlighten the ignorant among us as to the virtues of Mac web servers? I'd be really interested how they stack up to the favorite Slashdot choices such as Linux, OpenBSD (I mention it over other *BSDs because of its emphasis on security, but obviously hearing about {Free,Net,*}BSD would be cool too), and even commercial Unices like Solaris. Any takers?
----------
In a real emergency, we would have all fled in terror, and you would not have been notified.
Netcraft tells us:
www.army.mil is running WebSTAR/4.0 ID/70636 on MacOS
And it's not a G4.... the headlines on www.army.mil tell us that it is a G3...
The heavily trafficked MacIntouch uses Webstar. So, I would say that MacOS is a stable platform for a webserver, but no barn burner by any means.
remy
http://www.mklinux.org