[K12OSN] Linux vulnerabilities?

Terrell Prude', Jr. microman at cmosnetworks.com
Mon May 17 23:51:30 UTC 2004 

An exhaustive list of the "vulnerabilities" of *any* operating system 
would fill a several-thousand-page book, be it Windows, GNU/Linux, *BSD, 
OS/2, MVS, or otherwise.

What should be addressed, from the perspective of "holes" in the 
software itself, is how quickly the holes get fixed in the Free Software 
Community, versus the "closed-source" proprietary world of Microsoft and 
Sun.  Remind them that most bugs in Free Software get fixed within a few 
days, tops.  By contrast, bugs in Windows most often take several 
*months* to get fixed.  Witness the vulnerabilities that allowed Code 
Red, Nimda, Slammer, MSBlaster, Nachi, SoBig, Netsky, and, the most 
recent to date, Sasser, to proliferate on Windows systems, and this will 
continue.

Another thing that should be addressed is how GNU/Linux, and certainly 
K12LTSP, is run.  Users don't run as "Administrator" on K12LTSP.  No, no 
nonononono....   They run as unprivileged users, always, unless someone 
explicitly sets their userID to 0, and only root can do that.

It sounds like these "techies" are paper MCSEs scared of losing their 
jobs.  I've met far too many like that throughout my career.  You'll 
just have to go over their heads.

--TP

Jonathan Kallay wrote:

>Hi all,
>  I'm trying to push K12LTSP to the district IT office.  The managers are in a strange position where they seem to be tiptoeing around the 'techies' to which they have outsourced some of the network administration.  These 'techies' refuse to have anything to do with a single Linux box on a network of several thousand computers, professing at once both ignorance about Linux and at the same time spouting all kinds of misinformation about how open source software is insecure.  I've been told that it would be to my benefit to identify what the big Linux security holes are, to 'get everything out in the open,' so to speak.  Because of the openness of the operating system, the only security holes I know of are simply the result of system admin error or ignorance.  Can anyone help me out?
>
>Jonathan
>
>
>
>_______________________________________________
>K12OSN mailing list
>K12OSN at redhat.com
>https://www.redhat.com/mailman/listinfo/k12osn
>For more info see <http://www.k12os.org>
>
>  
>

More information about the K12OSN mailing list