[K12OSN] Linux vulnerabilities?
Terrell Prude', Jr.
microman at cmosnetworks.com
Mon May 17 23:51:30 UTC 2004
An exhaustive list of the "vulnerabilities" of *any* operating system
would fill a several-thousand-page book, be it Windows, GNU/Linux, *BSD,
OS/2, MVS, or otherwise.
What should be addressed, from the perspective of "holes" in the
software itself, is how quickly the holes get fixed in the Free Software
Community, versus the "closed-source" proprietary world of Microsoft and
Sun. Remind them that most bugs in Free Software get fixed within a few
days, tops. By contrast, bugs in Windows most often take several
*months* to get fixed. Witness the vulnerabilities that allowed Code
Red, Nimda, Slammer, MSBlaster, Nachi, SoBig, Netsky, and, the most
recent to date, Sasser, to proliferate on Windows systems, and this will
continue.
Another thing that should be addressed is how GNU/Linux, and certainly
K12LTSP, is run. Users don't run as "Administrator" on K12LTSP. No, no
nonononono.... They run as unprivileged users, always, unless someone
explicitly sets their userID to 0, and only root can do that.
It sounds like these "techies" are paper MCSEs scared of losing their
jobs. I've met far too many like that throughout my career. You'll
just have to go over their heads.
--TP
Jonathan Kallay wrote:
>Hi all,
> I'm trying to push K12LTSP to the district IT office. The managers are in a strange position where they seem to be tiptoeing around the 'techies' to which they have outsourced some of the network administration. These 'techies' refuse to have anything to do with a single Linux box on a network of several thousand computers, professing at once both ignorance about Linux and at the same time spouting all kinds of misinformation about how open source software is insecure. I've been told that it would be to my benefit to identify what the big Linux security holes are, to 'get everything out in the open,' so to speak. Because of the openness of the operating system, the only security holes I know of are simply the result of system admin error or ignorance. Can anyone help me out?
>
>Jonathan
>
>
>
>_______________________________________________
>K12OSN mailing list
>K12OSN at redhat.com
>https://www.redhat.com/mailman/listinfo/k12osn
>For more info see <http://www.k12os.org>
>
>
>
More information about the K12OSN
mailing list