[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mac most secure servers?



On Thu, Feb 22, 2001 at 10:58:27AM -0500, Steve Rudd wrote:
> I have been told by a "Mac-head" that the Mac is the most secure server and 
> that it is significantly more secure than any unix system, including Linux.

with MacOS everything runs as root since there is no security, no
UIDs, no permisions nothing.  if you manage to exploit any daemon or
any cgi script you have full root on the box, a clueful attacker could
do anything since there is also not even any memory protection in
MacOS.

the reason MacOS seems to be more secure is simply that its an obscure
platform, most typical unix attacks fail simply because MacOS is
different.  that does NOT mean that its not possible to very
sucessfully attack MacOS and gain significant access, it simply takes
a different attack and different exploits. 

several years ago there was a silly `Crack a Mac' contest and someone
managed to exploit a cgi script and deface the web site served by the
Mac.  in most cases such an attack would never allow site defacment on
unix since the site is not owned by the webserver UID that the cgi
script generally runs as. 

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpPfCSqW8YMx.pgp
Description: PGP signature


Reply to: