
Re[2]: Mac most secure servers?



On Thursday, February 22, 2001, 8:09:36 PM, andre wrote:
> I've used macs as servers for fairly large numbers of people working for a
> school district (k12 districts aren't into *nixes much yet, at least mine
> wasn't...). It ran webstar (httpd), eims (mail), quickdns pro, and
> netpresenz (ftpd). In my estimation, the security advantage definitely
> goes to the mac. Quite frankly, I never spent any time performing security
> checks / tests, because there just isn't the ability to buffer overflow to
> a rootshell, for example. If an app crashes, that app dies (and, being a
> mac, chances are the rest of the system dies with it). Believe it or not,
> macs used as servers (that are intelligently set up) are fairly stable...
> at least, far more stable than a mac that's used as a desktop (nothing
> approaching *nix stability, of course).
[snip]

you can't claim it is secured against buffer overflows because there
are only GUI shells! the more or less standard technique of executing
a shell already available on the server when exploiting such a bug is
an easy way to get anything done. that's all! given a clever coder and
some time that mac would be broken too.

you could, for example:

place in the buffer a small program which would bind to a tcp port and
let you upload a second (larger) program to execute.

- crazy-b

================================================================
 Gaute Gullesen <crazy-b@netcom.no>       phone: +47 922 48 107
 Fingerprint: AF90 7B96 9835 AA26 4DCC D4F7 1B82 110C B5DF 00B1
 Support the antiSecurity movement!:   http://anti.security.is/
================================================================



