Re: sick of Linux bias

From: Steve (steve_at_no-email-please.net)
Date: 01/13/04


Date: Tue, 13 Jan 2004 18:56:22 GMT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hairy One Kenobi wrote:
| "Steve" <steve@no-email-please.net> wrote in message
| news:%YFMb.62005$IF6.1379800@ursa-nb00s0.nbnet.nb.ca...
|
|>Hairy One Kenobi wrote:
|>
|>>"Steve" <steve@no-email-please.net> wrote in message
|>>news:sskMb.61484$IF6.1356048@ursa-nb00s0.nbnet.nb.ca...
|
|
| <much snippage>
|
|>>This is probably where our views diverge - *nix has a simple on/off approach
|>>to privilege. Windows has a mass to choose from - a lot of programmers seem
|>>(sometimes wilfully!) to misunderstand this and drag us back to
|>>CP/M^H^H^H^HDOS, but that doesn't necessarily make them "bad".
|>
|>As a former Microsoft programmer, and having tidbits of Windows Longhorn
|>source code, and one of the alphas on my desk right now, I can tell
|>you this is not true.
|>
|>While Microsoft does attempt to represent to the user, and without knowing
|>a vast amount of C, or assembler, or fully understanding the dissemination
|>of the operating system, you would be none the wiser. However, the
|>problem is with Microsoft's claim that they indeed DO have privilege
|>separation, and not only that, have varying degrees of privilege
|>separation is just wrong. The reason why it's wrong is because there is
|>no real kernel land and user land for applications. Everything ultimately
|>runs with administrator privileges in the final execution.
|
|
| Hmm. Now that's an interesting statement. I'll concede that NT4's
| lets-run-graphics-through-the-kernel decision was, for want of a better
| word, "dumb". OTOH, I can't agree with your assertion that Windows doesn't
| have a number of different privileges available for general use. As I've
| said before, I'd prefer a greater & more specific set (a la VMS), but
| they're there if a programmer is willing to use 'em.

Well it is true that at the software level there are a number of
privileges the operating system will honour. The underlying problem is
the physical layout of memory. The *nix system has a particular segment
of kernel memory, that's kernel land, the rest is for everything else,
ala userland. Moreover, the kernel, running in memory that can only be
accessed via uid=0, now this memory contains the execution stack and the
instructions of underlying kernel processes that will govern the
enforcement of privileges. Therefore, by smashing a userland process, you
cannot get root unless you're exploiting something running as root, or
something suided to root. And to avoid that, you can mount entire
volumes with nosuid options. Moreover, you can mount also with the
noexec option if you need to as well, to further secure entire areas of
your disk.

However, in Windows, all memory is potentially kernel memory, because
the kernel can malloc() itself new memory. Because of this a stack smash
of a userland app gets you root, in effect. Which is why, with things
like MSrpc (which is supposed to be userland) when you smash the stack
(which I think we should remind ourselves, no one thought to check the
length of file name on that one), you get SYSTEM privileges, which is the
equivalent of root.

Now, within Windows, yes it's true, you have varying levels of access
control built in. However, when the operating system breaks, you get
root. On *nix, when you break the system, you get whatever user you were
running as.

|
| Most don't; something that - as a Windows programmer myself - reflects more
| on the programmer than the platform. I'll take as my example Nero, which had
| to be patched to allow use by people with lower privilege levels (I forget
| the exact privilege. Admin group has it by default) You have to do the same
| thing with Unicenter (being originally Unix-centric, it runs everything with
| its own user, which requires "Login as a Service" rights, among other
| things)

This is true, but that's because Nero works within the operating system.
Unfortunately, the only time user privileges in Windows get broken is
under malicious circumstances. The privilege separation we are talking
about only becomes a problem when someone succeeds in breaking the
system. IE - a stack smash. Which we have seen literally thousands of in
Windows. The problem is, whenever there is one in a Windows app, it's a
disaster, for Unix, it's only a disaster for that user. That is the
privilege separation that is being addressed.

|
| NT, in all its various guises, has multiple layers, rather than just the two
| (if you're talking Win9x, then I'll just apologise & move on.
| Elephant-on-a-traffic-cone ;o) AFAIK (with not having done it) this great
| big hooking hole (as used by rootkits) already assumes a privilege escalation
| in the first place. Or, to put it another way, that the box has already been
| compromised through some other means. Five layers rings a bell, but no
| CMKRNL to allow better control.
|
| If you're thinking of some other way of manipulating the kernel, then please
| say so..

Well, specially crafted exploits have used kernel hooks in the past.
However, I have to concede, those are rare, and not by any means
"conventional", however, the underlying problem is smashing the stack of
a userland app gets you into memory space that is userland and
kernelland, thus allowing severe privilege escalation.

|
|
|>Moreover, any binary on a Windows box can overflow its stack and voila,
|>it's in kernel space if the overflow is crafted correctly. Moreover,
|>every Windows box is compiled with the same procedure, with the same
|>offsets, and the same base addresses at the factory. Which makes
|>mass-exploitation possible.
|
|
| Hmm. True, but also for everyone else (I would suggest that very few other
| people do actually recompile the whole OS..)

That's true, however, with distros such as Gentoo, which makes this task
(as well as full optimization for your chip via CFLAGS) literally a
single command, this is starting to become more common. Admittedly,
unless you're using Gentoo exclusively, it is difficult (see the book
"Linux From Scratch") to accomplish this. Moreover, it is time consuming
to complete, but since I can do other things while it's happening and
because of the extreme performance/security/stability benefits, for me,
I consider it time well spent. Also, a nice feature in Gentoo is to
build binary packages. So if I have a large farm of servers, running the
same hardware (at least the same processors, or at least the same class
of processors (athlon-xp, athlon-tbird, p4, etc)), in some cases, you only
need to compile the entire system, and output binary packages (with the
heavy CFLAGS), to reap the benefits of compilation over an entire farm.
However, it is obviously best to do it on each box.

The point I wished to address with that was simply that it CAN be done.
If you are so inclined. And is impossible on Windows.

|
| <Snip discussion of process vs. thread>
|
|>>>Moreover, without an /etc directory in plain text, we have a registry,
|>>>which is another way to do it, but the problem is it's a proprietary
|>>>binary, so we never really know all of what's in it, and instead of a real
|>>>system logger like /var/log we have event manager, which again is another
|>>>proprietary approach.
|>>>
|>>>This amounts to tracking down problems on Windows to their root to be
|>>>much more difficult than with Linux, the reason being that in Linux it's
|>>>plain text, you can _read_ the physical settings being read into the
|>>>damoens (pardon my spelling), in Windows, you have to root thru keys,
|>>>and proprietary editors to get the info that in Linux would have been
|>>>gotten from cat. Moreover, it's easier to extract and sort information
|>>>out of the ascii in /var/log than to get Event Viewer in Windows to
|>>>figure out what the hell is happening.
|>>
|>>
|>>Hmm. While I'd agree that Event Viewer was probably written by Satan on a
|>>rainy Sunday afternoon, I can't agree that hunting down configuration files
|>>is a useful use of /my/ time. As I'm sure you'll recall, Windows 3 took that
|>>approach. Not especially brilliant..
|>
|>Can't argue with that :) However, I think you misunderstood the way Linux
|>does the config files. In general, the config files are in /etc/<name of
|>package>/ . While there are exceptions to this, the fact remains that
|>the location of those files is mostly standard, and if it's not
|>standard, can simply be found in the documentation.
|
|
| Assuming that there is any ;o)
|
| And that the person who setup the box followed it (won't bore you with what
| I had to do to hack my original Solaris box into shape.. ;o)

Serves you right for using slowaris :)

|
| Yes, you can do text searches on *nix. And, yes, you can do registry
| searches on Windows. And, yes, I'd like to see a better editor provided
| out-of-the-box.. one with FindAll would be a start. OTOH, if I /really/
| needed it more than once, I'd either download or write one.

True, but in *nix the main benefit is that because it's text, it can be
done via virtually any internet connection. Without having to have
something like VNC or something.

|
|
|>>Both platforms require updates.. and both platforms have a way to go on that
|>>one. On the one hand, we have (often unnecessary) Windows reboots, on the
|>>other a process that would appear to be moderately painful.
|>
|>This is true, but as I outlined above, you can use other "layers" of
|>security, if you have the appropriate admin, to delay updating (although
|>it's generally a good idea) if you need to. (like if it is 2 AM :) )
|
|
| I do that already, on certain boxes - they all trip at different times.
|
|
|>Indeed, my IMAP box is
|>running kernel 2.4.22 and has been up for close to 4 months now without
|>reboot. (power company is good around here about lack of power outages :) ).
|
| But for a memory upgrade, my web server could probably have matched that ;o)
| The only downtime was for two or three seconds, when I upgraded the web
| server itself (I don't use IIS ;o)

Interesting, what version of Windows, what webserver? I've never seen a
Windows box stay up for 4 months before!

And what's wrong with IIS? Didn't like your static HTML content being
served out of kernel? Hehe :)

|
|
|>>The reason I say that a lot of reboots are probably unnecessary is that most
|>>seem to make assumptions about DLLs that could be hanging around in memory
|>>(wouldn't it be nice if they dropped out when they weren't being used, or
|>>had a specific unload utility? Everyone else seems to manage to do /that/
|>>one..)
|>
|>This is true, however, if you run Windows Update, and a DLL gets
|>updated, Windows Update can't shut down the processes using that DLL
|>most of the time, therefore you have to reboot since in Windows, you
|>can't delete a file, or replace it if it's in use (mainly because NTFS is
|>broken :) )
|
|
| You consider this /broken/ behaviour? Hmm. I guess that we'll have to
| disagree on this one. I'd still like to see an unloading tool, though - (it
| would also boost uptime - the box may not be good for anything during a
| software upgrade but, heck, the kernel's running so the box is /up/, right?
| ;o)

It is broken, you cannot remove a file from the file system when it is
in use. This is broken inode behavior in the NTFS file system. You
should be able to have something in memory, and remove it from
disk. In Windows you have the pagefile to swap out to if you run out of
memory, and on Linux a swap partition, so there is no reason to have to go
back to the file in the file system. Moreover, the FileDescriptors
should keep a reference to the physical inodes even after the file entry
has left the directory tree. The fact that you cannot delete a file in
use is the result of broken inode behavior in the inodes. (or the NTFS
rip off of inodes.)

Moreover, for a journaling filesystem, dirty shutdowns are handled badly
by NTFS, it doesn't read or write its journal properly, nor does it
allocate it properly. Moreover, if you're running something with a lot of
files, ReiserFS eats NTFS. Hell, ext2 eats NTFS.

|
| <Snip useful stuff about Gentoo. Must take a look at that.. thanks>

Gentoo.org baby....gentoo.org

|
| H1K
|
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFABENqcyHa6bMWAzYRAnwoAJ0YUrtyUMOxyuN4O/MpATdkQMSXeQCgwH0G
KtVN1LYKPhl2bk8O7bCB5Mo=
=pnEV
-----END PGP SIGNATURE-----
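
Added example, not part of the original post: the message mentions mounting volumes with the nosuid and noexec options, and the Python below audits a mount table in /proc/mounts format for those options. The policy (`POLICY`, `REMOVABLE_PREFIXES`) and the sample mount lines are constructed assumptions, not values from the thread.

```python
import re

# Hypothetical site policy: options each mount point must carry.
POLICY = {
    "/home": {"nosuid"},
    "/tmp": {"nosuid", "noexec"},
    "/var/tmp": {"nosuid", "noexec"},
    "/dev/shm": {"nosuid", "noexec"},
}
REMOVABLE_PREFIXES = ("/mnt/", "/media/")  # assumed removable-media roots

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = r"""/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var/tmp ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /mnt/usb\040stick vfat ro,relatime 0 0
"""

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            yield unescape(parts[1]), set(parts[3].split(","))

def required_for(mount_point):
    if mount_point in POLICY:
        return POLICY[mount_point]
    if mount_point.startswith(REMOVABLE_PREFIXES):
        return {"nosuid", "noexec"}
    return set()

def audit(text):
    """Return {mount point: sorted list of required options it lacks}."""
    findings = {}
    for mount_point, opts in parse_mounts(text):
        missing = required_for(mount_point) - opts
        findings.pop(mount_point, None)  # a later mount shadows an earlier one
        if missing:
            findings[mount_point] = sorted(missing)
    return findings

if __name__ == "__main__":
    for mount_point, missing in audit(SAMPLE_MOUNTS).items():
        print(f"{mount_point}: missing {', '.join(missing)}")
```

On a live Linux host, pass the contents of /proc/mounts to `audit()` instead of the sample. A policy path that is not its own mount point is not reported, because it inherits the options of its parent filesystem.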


