OT Operating System Design WAS RE: [thelist] RE: blaster worm punishment

Shawn K. Quinn skquinn at speakeasy.net
Tue Feb 1 22:58:03 CST 2005

On Tue, 2005-02-01 at 18:04 +1100, Ken Schaefer wrote:
> What exactly is "shoddy" about the design of the OS itself?

You really want me to name them all? I don't have that kind of time to

For one, marrying the GUI to the kernel. On Unix and clones, if one
loses one's GUI (X Window server), the rest of the system doesn't go
down with it.

The general attitude toward security coming out of Redmond for the past
9 years and change and counting is a large part of the problem, starting
with the complete disregard for security going back prior to the release
of Windows 95 (note that the first Windows e-mail viruses started
appearing after Windows 95 [1]). The latest plan to require an authentic
version of Windows to get security updates is not exactly a bright move
on Microsoft's part either, as this will only make the security problem
worse, because there are people who will violate copyright to get their
copy of Windows, no matter what. (The move is motivated by greed, as in
continuing to charge an extortionist price for Windows and trying to get
as many people to pay for it as possible.)

> Please do not say "making everyone an administrator" makes the OS
> intrinsically insecure. It doesn't. There's no structural issue there
> in the OS components that make it vulnerable to compromise.

Maybe not the OS itself, but it sure as hell makes that installation of
it insecure. (By the same token, running 'chmod -R a+rwx /' on an
OpenBSD box makes that installation insecure, but that doesn't mean
OpenBSD itself is insecure.) This is the same reason one should never
run things as root on Unix boxes that one does not need to [2]. Normal
users do not need write permissions to system files, especially
executables and libraries. This is what viruses use to spread, and
making a user an administrator gives them exactly these permissions.
Here, let me show you:

$ ls -l /bin/ls
-rwxr-xr-x  1 root root 75948 2004-07-16 06:37 /bin/ls

That means: only the owner (root) can write to this file (in fact, some
distributions install programs not writable for anyone, root included).
Everyone else can read and execute, but not write to it.

Since I owe a tip:

<tip type="security" author="Shawn K. Quinn">
When writing CGI programs (or PHP, ASP, etc), make no assumptions. In
particular, don't assume form submissions will come only from your HTML
form; they could come from anywhere, and the data could be larger. Don't
assume the user has Javascript enabled; always check for valid data on
the server. E-mail addresses should be hidden inside your CGI or PHP
script, never put in your form (this would open the door for spammers).

[1] http://www.bearcave.com/misl/misl_tech/email_virus.html

[2] http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

Shawn K. Quinn <skquinn at speakeasy.net>

More information about the thelist mailing list