Re: Linux security

To: randyh@getaway.net, Debian User's List <debian-user@lists.debian.org>
Subject: Re: Linux security
From: the lone gunman <lgunman@sewage.debian.org>
Date: Wed, 19 Aug 1998 13:21:37 -0500
Message-id: <[🔎] 19980819132137.A230@sewage>
Mail-followup-to: randyh@getaway.net, Debian User's List <debian-user@lists.debian.org>
Reply-to: Matt Garman <garman@uiuc.edu>
In-reply-to: <[🔎] m0z8ouB-0004moC@odvar>; from randyh@getaway.net on Tue, Aug 18, 1998 at 11:46:43AM -0500
References: <[🔎] m0z8ouB-0004moC@odvar>

On Tue, Aug 18, 1998 at 11:46:43AM -0500, randyh@getaway.net wrote:
> I was having a discussion with my ISP about Linux.  He said he uses
> Windows NT because it is much more secure than Linux.  He stated
> that since the source code was available that it was very unsecure.

I have trouble with this statement.  It seems to me, with the source
code open and available, *anyone* can take a gander at Linux's
source.  Naturally, hundreds of people can see where there are
potential security holes in the code.  All Windows systems are limited
only to the Microsoft programmers.  In my mind, it just seems that the
more folks there are looking at code, the better the chances of
discovering bugs, security concerns, etc.

> He mentioned something about attaining root access by downloading
> /etc/passwd and de-crypting the passwords.  He bases this on a

The only sensible way to run a multi-user Linux system (e.g., an ISP),
is with shadow passwords.  *Only* root can read the shadow password
file (/etc/shadow).  By the time the root account is compromised,
/etc/shadow really doesn't mean much.

I wouldn't put too much confidence in the person with whom you spoke
at your ISP.

Gook luck!

Reply to:

References:
- Linux security
  - From: randyh@getaway.net

Prev by Date: Re: Connection Refused
Next by Date: Re: Connection Refused
Previous by thread: Re: Linux security
Next by thread: Re: Linux security
Index(es):
- Date
- Thread