re: [SLE] Linux security and "recent C library exploits"
This makes me think about the early days of cc. One of the original authors put some logic in cc to recognize that it was compiling a password routine. (Don't ask me how.) Anyway, whenever it detected one, it automatically added a backdoor so that he could login. cc had that "feature" for years, before he went public. It was never independently detected even though the gcc source was open. I think it was the cc that was used to compile unix, so this guy had root access to every UNIX box for a long time. If that could be done with UNIX, just imagine what sort of goodies could be inside of VC++. Greg -- Greg Freemyer
Hi All!
I am having a heated email debate with someone about the merits of Linux versus Windows. I made the claim that it was common for Microsoft to deny bugs, to which he replied:
If I wanted to make this a really long reply I could easily pull a ton of quotes and security alerts showing that unfortunately it is now the Linux extremists who make such silly "no vulnerabilities here" or "inherently secure" claims. Or the one thing MS never did -- redefine Linux as everything except the part which currently has errors. I have even had people tell me the recent C library exploits weren't part of Linux even as every major vendor was recompiling the whole kernel and practically every distribution package.
For the most part, there is a lot of handwaving by this guy with few facts. However, this seems like a "fact" that I am having trouble discounting. Although a lot of Linux people might claim Linux is "inherently secure", most of what I have seen has the qualifier that Linux is "inherently" more
secure thatn Windows. (let's ingore the "I have even had people tell me" which is a common lead in to many of his statements.)
I take the comment "Or the one thing MS never did -- redefine Linux as everything except the part which currently has errors" as implying that Linux people try to discount problems in Linux by saying something with a bug is
"not really part of Linux". (Possibly because I reminded him that Linux was the operating system and not all of the commands and applications).
However, the "recent C library exploits" is bothering me. Granted, I am not "up to date" on which libraries are used and what problems it has. However, I would hope that I would catch the fact that "every major vendor was recompiling the whole kernel". So, did I miss something or is this just more of this guy's hot air?
Regards,
jimmo -- --------------------------------------- "Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what others think you are." -- John Wooden --------------------------------------- Be sure to visit the Linux Tutorial: http://www.linux-tutorial.info --------------------------------------- NOTE: All messages sent to me in response to my posts to newsgroups, mailing lists or forums are subject to reposting.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
participants (1)
-
Greg Freemyer