Re: Linux Vulnerable... BBBWWWWAAAAA HHHHHAAAAAA HAAAAA HAAAA

From: Felmon John Davis (nemo@nowhere.edu)
Date: 12/23/01


From: "Felmon John Davis" <nemo@nowhere.edu>
Date: Sun, 23 Dec 2001 22:11:27 GMT

In article <86heqhzmer.fsf@potato.vegetable.org.uk>, "Tim Haynes"
<usenet@stirfried.vegetable.org.uk> wrote:

> "Felmon John Davis" <nemo@nowhere.edu> writes: [snip]
>> Here's what I don't yet understand. I know this hole for a potential in
>> XP is quite serious. But aren't there equally serious holes for
>> potential exploits in Linux? I was just reading of (another)
>> vulnerability in wu_ftpd. (I know the definition of 'linux' can be as
>> narrow as the kernel and as broad as 'everything in a distribution';
>> the 'only the kernel' definition seems too narrow to me.)
> Linux *is* only the kernel. Without it you wouldn't have a
> linux-anything, let alone an OS. Anything else in a distribution has
> come from the compilers of the distro; the majority of that is GNU
> tools, as well. There is nothing more correct than to say that Linux is
> the kernel, and a distro may well be GNU/Linux.

I'm skeptical about the usefulness of this kind of definition. When I tell
people, "I use Linux," I am not referring exclusively to the kernel.

The real issue is commensurability: I want to compare things that are
comparable. If CuteFTP crashes, I don't say, "Windows crashed" (unless it
was in fact a kernel panic). If I say, "Windows is less secure than
Linux," I want to know what I'm comparing with what. Otherwise, the
statement is meaningless.

>> I'm not interested in a flamefest. This is an earnest question. Is the
>> present uproar over XP because this is a gaffe without parallel in
>> other operating systems (so 'technically inferior'), or is it because
>> Microsoft has put their foot in their mouth (so (also) 'political' or
>> PR), or some other reason?
> If M$loth on the one hand say that XP is the most secure windoze ever,
> and on the other that it has the world's biggest cockup ever in it too,
> judge their consistency for yourself. If your (GNU/)Linux distro claims
> to be secure, first shoot the messenger, then look for the corresponding
> world's-biggest-cockup in it too, and judge the consistency for
> yourself.

I understand. So here we are comparing 'distros' with Windows, not just
'kernels'.

>> What I'm gathering is:
>> (a) it's partly 'technically inferior' in the way that a distribution of
>> Linux would be 'technically inferior' if it included an easily
>> exploitable service such as 'wu-ftpd' turned on and set up by default
> Yes. If you have remote-root vulnerabilities out of the box, you're
> shipping <excrement>.
>

The Linux distros _used_ to have certain risky services on by default and
as I recall, wu_ftpd used to be among them. I wouldn't have called them
<excrement> though. But now the world is quite a bit more dangerous.

I used to live in a university town as a grad student; I was lucky to be
housed in one of the quaint wooden houses that belonged to the
university. I recall that though we locked our individual rooms, the
front door was usually unlocked. (I don't believe I had a key to the
front door actually.) I would be _very_ surprised if the same situation
prevails there now!

Now, if a distro included wu_ftpd switched on by default, I guess I
_would_ call it <excrement>.

>> (b) it's largely 'political' or PR since MS crowed about its security
>> superiority and criticized Linux, et al., on this score.
> Comes from M$loth => is more PR & politics than substantive.
>> I do think their including a 'service' like this turned on by default
>> is irresponsible and then when it's buggy to boot it's almost criminal.
> See `consistency' above; it wouldn't be so bad if it wasn't crowed from
> the rooftops.
> For bonus points, consider the approach that says "but a *competent*
> admin would turn that off", and contemplate what proportion of *windoze*
> people are likely to be competent, versus the proportion of linux folks.
> While there are still far too many linux-idiots out & about who don't
> give a fig for security and are therefore responsible for adore/ramen et
> al being able to spread, I think things still err in linux's favour.
> ~Tim

MS needs to do something to educate their users even _while_ the user is
installing the software. Maybe they do - I am not familiar with anything
other than the Win9x series. They usually, however, want to hide anything
that looks 'too' technical from the user. This is an error in today's
dangerous world and maybe also an insult.

Thank you for your comments, I'm getting a bit clearer about what I
think.

Felmon


