
Re: Linux Security



Hello Krishnan,
Security by obscurity is hardly a way to go about building a robust and
secure system. I think the basic issue here is this:
What does it mean for the operating system source to be available to
a user?
As for the fact that a malicious person may modify the sources, the
first thing is that these changes will never make it into the main
source tree of an operating system like Linux, where each patch is
reviewed and then added to the main tree by Linus himself. So if you
get your source from the main tree, or at least authenticate the fact
that you are getting it from somebody who got it from the main tree,
well, I see no problem.
Now consider the latest IIS bug: Microsoft says that it will take
at least 2 weeks to patch it, what with millions of sites running on IIS
and the exploit actually being distributed by a company... you can
imagine what can happen. Now if the source were open, a patch/fix would
have been possible much sooner and quicker.
Another thing is, an open source structure allows for audits to be
put together like the Linux Security Project, in which programmers are
going through each and every line of kernel and application source
code to eliminate basic mistakes like buffer overflows and so on.
Efforts like this are simply not possible in a non-open-source
development format.
And finally, real computer security problems are based on issues of
trust, how and when to authenticate, what assumptions about the
network environment that you are operating in, protocol design and so
on; all of these more or less transcend OS boundaries.
Problems like the SYN flood attack are born out of design issues
rather than particular OSes.

samir


- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
Linux India is NOT a forum for Microsoft/India/Pakistan/US/UK bashing.
Flame baits will not be tolerated.  If you can appreciate satire read
http://www.templetons.com/brad/emily.html

------------------------------