On Thu, Feb 22, 2001 at 10:58:27AM -0500, Steve Rudd wrote: > I have been told by a "Mac-head" that the Mac is the most secure server and > that it is significantly more secure than any unix system, including Linux. with MacOS everything runs as root since there is no security, no UIDs, no permisions nothing. if you manage to exploit any daemon or any cgi script you have full root on the box, a clueful attacker could do anything since there is also not even any memory protection in MacOS. the reason MacOS seems to be more secure is simply that its an obscure platform, most typical unix attacks fail simply because MacOS is different. that does NOT mean that its not possible to very sucessfully attack MacOS and gain significant access, it simply takes a different attack and different exploits. several years ago there was a silly `Crack a Mac' contest and someone managed to exploit a cgi script and deface the web site served by the Mac. in most cases such an attack would never allow site defacment on unix since the site is not owned by the webserver UID that the cgi script generally runs as. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpEDlklS8cVx.pgp
Description: PGP signature