Linux security - Is Linux getting to big?

[Jonathan_R]

I read this article, CommsDesign - Linux and Security: Mission Impossible? and it brings up some good points. With the kernel being at about 11 million lines of code, it is becoming unmanageable, and thereby more vulnerable.

Anyway, I found it an interesting read. Don't think I agree with all his points.

[techwiz03]

Quote:

Originally Posted by Jonathan_R

I read this article, CommsDesign - Linux and Security: Mission Impossible? and it brings up some good points. With the kernel being at about 11 million lines of code, it is becoming unmanageable, and thereby more vulnerable.

Anyway, I found it an interesting read. Don't think I agree with all his points.

Ha! Too funny! 11 million lines of code for a kernel is very light now adays! Windows Vista uses over 29 million lines of code for the basic and 38 million lines of code for the kernel under ultimate. Linux Kernel developers should be applauded!

The article suggests that with that many lines of code and the frequency of revisional changes it must be unmanageable. I would therefore contend that maybe M$ and Mac which are both considerably larger OS's with a much smaller programmer base than worldwide Linux has would fall under more direct concern.

The article goes on to point out that there is need for concern over some 5000 to 10000 Kernel failings. Interestingly, they make bold statements without factual examples or support. True the kernel fails under various specific formats, but I guess they can squawk and ignore all the Windows crashes plaguing almost every user at one time or another.

Yes we all need to be concerned about security of system in use everywhere. Question is though, how much is due to user/IT configuration issues, and how much is from either current vulnerabilities or new threats?

IMHO I'll stick with Linux far more likely than to use the well known buggy unsecure M$ alternative.

[Knurpht]

It's the new hype. They have read Linux Torvalds saying something about the kernel becoming too big, did not read on to read him say that thinking that is one thing, knowing it's unavoidable (yet) another. The overall tendency is that it's fashionable to make a big issue out of linux security..
From everyday real world: the vast majority of webservers are linux systems, for just one reason: security.

[oldcpu]

Well, I guess its healthy to keep looking at these things.

I see someone, through a bit of effort, finally managed to get a virus run under wine better than they have in the past: I Can Haz Virus

To stop the virus completely, they had to kill Wine. Although given most of us have very few windows apps running under wine, I suspect thats NOT a big issue. Its also very easy to keep a clean backup of one's .wine directory.

To get this virus to run under wine, Firefox tried to stop the user 3 times before they even saw the infected file. Then they had to downloaded it, and run it manually under wine as a regular user. To do the amount of harm they would have to run it under wine with root permissions (who would every do that ? ). The virus would then proceed to do its "evilnesses", but of course it could be killed just as easily by removing the infected .wine.

So the virus would be limited to wine apps, and would have a hard time propagating, ... but goes to show, if nothing else, that wine is getting better and better at allowing Windows apps to run.

[Knurpht]

Oldcpu, your conclusion made my day, seeing virusses as an improvement of wine.

[oldcpu]

The more one learns about Linux, the more I suspect one can comprise Linux via a combination of Trojan horse methods. The trick is initially penetrating one's system, and then hacking further.

A couple weeks ago, someone was successful in hacking my 83-year old mother's password on Facebook via a phishing attack. They did this by sending her an email with a note that there was a post for her on facebook, with a Link for her to sign in. Even though I hold told her to always ignore such emails, she clicked on the link, and was taken to a page that looked like the facebook log in page and asked for her username and password for facebook. She entered it, and they then had:

• her ip address
• her facebook user name
• her facebook password

Her friends started complaining about Facebook posts from her, and Facebook eventually discovered her account had been hacked, and suspended it, forcing her to reopen with some special questions.

But I was then immediately worried that her Linux PC could have been hacked because they had her "ip address". Turns out she used the same password on facebook as she did on her PC (a mistake). Fortunately her user name was different, although not that different. It was possible a clever bot could have guessed her PC user name, based on her facebook user name.

Hence a bot could have hacked into her PC via ssh with that information.

I immediately got paranoid as soon as I heard of this, and I logged into her PC in Canada from here in Europe (via ssh/vnc) and checked her logs and such for suspicious activity. I also changed her passwords. I also had her change her HotMail password.

What concerned me was someone could put a clever batch file called "passwd" under /home/mothercpu/bin such that any command to change the "passwd" for root or for a regular user would be intercepted as soon as "passwd" was run. The batch file could then clean itself up and further launch a root kit, with root permissions. And her Linux PC would then be totally compromised, with a re-install being necessary to repair.

Now thats a rather obvious hack, but IMHO it could succeed in compromising the PC of an 83-year old grandmother, where with me in a different continent would mean it is very difficult for me to help.

Fortunately I found no nefarious activities, ... but it did give me pause for thought.