[FirstClass]

I've got a linux box I run servers on but my main machine has to be windows for gaming. (I'm pretty hardcore)

[scottwww]

Quote:

Ubuntu fares as well as Red Hat or SUSE Linux

MacBook Air, Vista Box PWNd - Ubuntu Stands Alone
By Richard Adhikari
LinuxInsider
Part of the ECT News Network
03/31/08 2:03 PM PT

At a recent security conference, hackers were given the chance to try to attack three different laptops: a MacBook Air, a machine running Windows Vista and one running Ubuntu 7.10. In the PWN 2 OWN contest, both the Mac and the Windows machine were PWNd, but Ubuntu resisted all attacks.

After three days of attacks by leading hackers, a laptop running Ubuntu remained untouched while two others, running Mac OS X and Windows Vista Service Pack 1, succumbed.

The attacks were launched at the CanSecWest PWN 2 OWN contest in Vancouver, Canada.

This was sponsored by security firm TippingPoint, a division of 3Com (Nasdaq: COMS) , and held March 26-28, under its Zero Day Initiative (ZDI).

ZDI is a program for rewarding security researchers for responsibly disclosing vulnerabilities.

The Gory Details
The three machines being attacked were a MacBook Air running the current version of Mac OS X, 10.5.2; a Fujitsu U810 notebook running Windows Vista Ultimate SP1; and a Sony Vaio VGN-TZ37CN running Ubuntu 7.10.

All three had the latest security patches installed.

The good news is that all three were not vulnerable to attacks over the networks on the operating systems themselves, which was what the hackers were restricted to on the first day of the contest.

The second day saw a change in the rules, with the scope of attacks widened. The hackers were allowed to attack standard default installed client-side applications such as browsers; or to trick users into opening e-mails with links leading to malware or that included malware; or to trick users into visiting Web sites either including malware or with links that led to malware.

The judges decided which installed client-side applications were standard default items.

The Results
The MacBook Air went down within minutes while the Fujitsu running Windows Vista survived into the last day before succumbing.

Charlie Miller, Jake Honoroff and Mark Daniel from Independent Security Evaluators compromised the MacBook Air by sending it to a Web site on which they had installed an exploit that took advantage of a new zero-day vulnerability in the Safari Web browser.

Shane Macaulay, Derek Callaway and Alexander Sotirov of Security Objectives compromised Windows Vista by exploiting a previously unknown flaw in the latest version of Adobe (Nasdaq: ADBE) Flash.

Both Apple (Nasdaq: AAPL) and Adobe have been informed of the vulnerabilities discovered.

The Back Story
Miller, who formerly worked at the National Security Agency, was one of the first people to hack the iPhone last year. He has previously criticized Apple for being slow to update the open source components in its operating system, after discovering one critical vulnerability that had been integrated into Safari although it had already been patched in WebKit, the open source code behind the Safari engine.

He said he decided to attack the Mac because he thought it would be the easiest of the three.

His opinion may be justified: two IBM (NYSE: IBM) researchers told a Black Hat hackers convention in Amsterdam, the Netherlands, that Mac OS X has far more unpatched vulnerabilities than Windows Vista, and that Apple was not very cooperative with security experts who told it about flaws in its operating system.

Last year, the contest's winner took the prize by exploiting a vulnerability in Apple's QuickTime .

The Howls of the Faithful
Apple users are in an uproar over the news of how easily OS X security was breached.

Roughly Drafted, a Mac and Apple Web site, contends that the exploits have little value outside of competitions like CanSecWest and that CanSecWest aims at redirecting the focus on security issues from Windows to other platforms.

In a white paper, Stefan Frei, Bernhard Tellenbach and Bernhard Plattner at the Computer Engineering and Networks Laboratory of the Swiss Federal Institute of Technology say that their data "does not support the common belief that software from Apple is inherently more secure than software from Microsoft."

They say that, while the average number of unpatched vulnerabilities has stabilized for Microsoft (Nasdaq: MSFT) , "Apple has bypassed Microsoft and shows an increasing trend."

Ubuntu Basics
A community-developed, Linux-based operating system, Ubuntu was launched in October 2004 and includes a Web browser, presentation, document and spreadsheet software, instant messaging and other features.

It was created as a fork of the Debian GNU/Linux project. A new version of Ubuntu is released every six months and Ubuntu releases always include the most recent GNOME release.

GNOME is an international effort to build a complete desktop environment, including the graphical user interface, from free software. It is part of the GNU Project, GNU being an operating system built from free software. GNOME can be used with various Unix-like operating systems, including Linux.

Ubuntu is sponsored by Canonical, which is owned by South African entrepreneur Mark Shuttleworth.

Reactions to the Test
"Tests of this nature are sensational, but not necessarily indicative of the threat seen in an organization's environment," Dan Kusnetzky, principal analyst at The Kusnetzky Group, told LinuxInsider. "They might be thought of as a worst-case scenario rather than what might have been seen in an organization's own data center."

Nonetheless, Ubuntu "acquitted itself very well in the tests," and is used in production in leading edge environments, Kusnetzky said. When you factor in support, the availability of trained personnel, database and application software, "Ubuntu fares as well as Red Hat or SUSE Linux," he added.

Canonical was not surprised that Ubuntu withstood the hackers. "We do a lot of rigorous testing for security," the firm's Gerry Carr told LinuxInsider. "All applications shipped are thoroughly tested by our security team before they are included."

[radix]

Quote:

Originally Posted by scottwww

A few months ago I switched from MS Windows to Linux. Now I run the Novell openSUSE 10.3 distribution on all my computers. Does anybody else on this board use Linux?

I've been using Linux RedHat/Slackware since 1995. I'm currently a Unix Systems Engineer by profession and have been for twelve years. On a day to day basis at work I work with AIX/Solaris/RHEL. I currently have an openSUSE Samba/NFS server at home that I use pretty much exclusively as a file server. I've maintained similar setups in the past with FreeBSD as well.

[scottwww]

Quote:

Originally Posted by anmcguire

I've been using Linux RedHat/Slackware since 1995. I'm currently a Unix Systems Engineer by profession and have been for twelve years. On a day to day basis at work I work with AIX/Solaris/RHEL. I currently have an openSUSE Samba/NFS server at home that I use pretty much exclusively as a file server. I've maintained similar setups in the past with FreeBSD as well.

You must know Linux pretty well, then.

One annoyance I have been dealing with is on one of my boxes at home, I have screwed up the permissions for one drive. On it, whenever I save a file to a folder, it takes root as owner and group. Then I have to login with root permissions to correct the permissions to show me as owner with users as the group. Should be a quick and easy fix, but I haven't found it. Help?

[radix]

Quote:

Originally Posted by scottwww

You must know Linux pretty well, then.

One annoyance I have been dealing with is on one of my boxes at home, I have screwed up the permissions for one drive. On it, whenever I save a file to a folder, it takes root as owner and group. Then I have to login with root permissions to correct the permissions to show me as owner with users as the group. Should be a quick and easy fix, but I haven't found it. Help?

I'm assuming you are not logging in as root for day to day activities... If you are, stop now. I can't tell you why it is taking root ownership for the user unless the process that is creating the file is either run as root or is SUID root. The group permissions could be because the the SGID bit is set on the directory. A simple "ls -ld" on the directory will tell you that for sure. If the directory is SGID:

chmod g-s directory

should fix it. Here is an example of what the SGID bit on a directory does:

host ~ > id
uid=1000(anm) gid=500(sysadmin)
host ~ > mkdir test
host ~ > ls -ld test
drwxr-xr-x 2 anm sysadmin 512 Apr 01 17:41 test
host ~ > sudo chgrp sys test
host ~ > sudo chmod g+s test
host ~ > ls -ld test
drwxr-sr-x 2 anm sys 512 Apr 01 17:41 test
host ~ > touch test/test.txt
host ~ > ls -l test
total 0
-rw-r--r-- 1 anm sys 0 Apr 01 17:41 test.txt


Again, for the user permissions, it is because your process is running with root authority. What type of process is it? If you know the name of the binary do a "ls -l" on it and see if the user execute bit is set to "s" and the owner is root. If so, there is your culprit.

[scottwww]

Quote:

Originally Posted by anmcguire

I'm assuming you are not logging in as root for day to day activities... If you are, stop now. I can't tell you why it is taking root ownership for the user unless the process that is creating the file is either run as root or is SUID root. The group permissions could be because the the SGID bit is set on the directory. A simple "ls -ld" on the directory will tell you that for sure. If the directory is SGID:

chmod g-s directory

should fix it. Here is an example of what the SGID bit on a directory does:

host ~ > id
uid=1000(anm) gid=500(sysadmin)
host ~ > mkdir test
host ~ > ls -ld test
drwxr-xr-x 2 anm sysadmin 512 Apr 01 17:41 test
host ~ > sudo chgrp sys test
host ~ > sudo chmod g+s test
host ~ > ls -ld test
drwxr-sr-x 2 anm sys 512 Apr 01 17:41 test
host ~ > touch test/test.txt
host ~ > ls -l test
total 0
-rw-r--r-- 1 anm sys 0 Apr 01 17:41 test.txt


Again, for the user permissions it is because your process is running with root authority. What type of process is it, if you know the name of the binary do a "ls -l" on it and see if the user execute bit is set to "s" and the owner is root. If so, there is your culprit.


Andrew

thanks.. I'll take a look at it tonight. I didn't understand much of what you wrote here. I'm still a noob to Linux. Actually, I have had fewer troubles with Linux than with most Windows boxes.

[FirstClass]

Quote:

Originally Posted by scottwww

thanks.. I'll take a look at it tonight. I didn't understand much of what you wrote here. I'm still a noob to Linux. Actually, I have had fewer troubles with Linux than with most Windows boxes.

What was alluded to above but not outright stated is this. On a Windows machine you always want to be an admin to you can install things/do whatever you want. In Linux you most definitely do not want to alway log in as root.

Windows = user accounts are admin no problem.
Linux = root isn't a user account.

[radix]

Quote:

Originally Posted by FirstClass

What was alluded to above but not outright stated is this. On a Windows machine you always want to be an admin to you can install things/do whatever you want. In Linux you most definitely do not want to alway log in as root.

Windows = user accounts are admin no problem.
Linux = root isn't a user account.

Correct. That's what I meant when I said "If you are, stop now". I would recommend that new users configure and use sudo almost exclusively for root access where possible. It affords some minimal measure of protection against self inflicted stupidity (e.g. I/O redirection happens as your user, not as root). I find it also makes users think a little bit more about each command they execute, although my opinion is clearly subjective.

[radix]

Quote:

Originally Posted by scottwww

thanks.. I'll take a look at it tonight. I didn't understand much of what you wrote here. I'm still a noob to Linux. Actually, I have had fewer troubles with Linux than with most Windows boxes.

To summarize, the best advice I can give you at this stage is:

1. Do not log in as root unless you absolutely must.
2. Invest some time in learning and understanding Unix file permissions.
3. Learn a shell inside and out (ksh,bash,tcsh,zsh,etc).
4. Learn the structure of the Unix filesystem hierarchy. The filesystem hierarchy standard at pathname.com is a good place to start.
5. Learn to read man pages.

lastly, and perhaps most importantly:

6. Never execute anything unless you are sure of what it does, especially as root.

That should get you started. BTW... if anyone ever has any Unix/Linux related questions, feel free to PM me. Maybe I can contribute something to this community.

[PresaMat]

Ive been running one form of *NIX or another since the 90s... Linux BSD etc etc. Ive run a Linux Users Group before. Linux is good stuff but after years of running the LUG I have decided its still far from end user ready. And to tell you the truth... I prefer it that way. The more they try to make it user friendly the more bloated the distros get and the less sysadmin friendly they get.

Oh and here is a good link for any linux/bsd user to have:

http://cb.vu/unixtoolbox.xhtml

[radix]

Quote:

Originally Posted by PresaMat

And to tell you the truth... I prefer it that way.

Agreed. I find Slack is still my favorite distribution for precisely that reason. I don't like having my hand held. I like FreeBSD for the same reason.

[PresaMat]

Quote:

Originally Posted by anmcguire

Agreed. I find Slack is still my favorite distribution for precisely that reason. I don't like having my hand held. I like FreeBSD for the same reason.

Slack is pretty good... I am still partial to gentoo (what can I say? I love the portage idea). For the BSD side... openbsd is rather nice but Free is good too. I am good friends with one of the main developers of FreeBSD. VERY Smart guy. At work we use CentOS unfortunately the previous sysadmin convinced the company to run it so Ive had to deal with the BS ever since. My first order of business was create an install image with just about NOTHING on it. I think a "normal" install of Centos puts on around 1000 rpms. Mine had about 100.

Though... I have done LFS before... never again!

[radix]

Quote:

Originally Posted by PresaMat

Slack is pretty good... I am still partial to gentoo. For the BSD side... openbsd is rather nice but Free is good too. I am good friends with one of the main developers of FreeBSD. VERY Smart guy. At work we use CentOS unfortunately the previous sysadmin convinced the company to run it so Ive had to deal with the BS ever since. My first order of business was create an install image with just about NOTHING on it. I think a "normal" install of Centos puts on around 1000 rpms. Mine had about 100.

I've used OpenBSD before, if only to experiment with it. IIRC, I didn't like its ports collection quite as much as FreeBSD's. It didn't seem as comlete. I also missed (at the time) the lack of Linux binary emulation/translation. This was a while ago so things might have changed substantially since then.