Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › Is Ubuntu safer than Windows against hacking/viruses?
New Posts  All Forums:Forum Nav:

Is Ubuntu safer than Windows against hacking/viruses? - Page 3

post #21 of 24
Quote:
Originally Posted by mushroomboy View Post

Because I was referring to the file attributes. Owner/User/group are file attributes that allow Read/Write/Execute depending on the numerical value you assign. That's an ACL but groups alone are not an ACL as they aren't really controlled by the file system.
[edit] I know I'll need to clarify, don't know why I posted. ACLs refer to objects, objects mean files. A group isn't an object, it's a definition and would work more similar to a registry as opposed to an ACL. Even so, it's really just a simple list. The file that stores that list is an object and can be attributed by an ACL, however the "groups" that the file holds are in no way related to an ACL.
I also don't generally talk about the standard owner/user/group as an ACL because you can do that without an ACL. In fact most people don't talk about the standard chmod attributes as ACLs. I was actually unaware that the they now ship with full ACL tools, I still think most systems don't actively use them unless you enable it. That is a new thing to me, probably the last couple years.

I thought that /etc/group, /etc/passwd, /etc/shaddow and /etc/sudoers (etc) were implied* when I was talking about user and groups as without those files, additional users and groups couldn't exist. It's a little like discussing cron while ignoring crontab.

Also, no ACL is controlled purely by the file system. In linux, you can completely ignore Windows file system ACLs. It's all just OS controlled (if memory serves; usually at the kernel level)

*particularly as I'm discussing this with another Linux techy. Some who should be fully aware of the aforementioned config files.
Quote:
Originally Posted by royalflush5 View Post

I think you should also add that *NIX users who have modded their kernal can either close or open security holes, because they, well, changed the kernal

The vast majority of of security holes happen in user space anyway so the ability to mod your own kernel doesn't really add any noteworthy security benefits.
Edited by Plan9 - 3/14/12 at 4:38am
post #22 of 24
Quote:
Originally Posted by Plan9 View Post

I thought that /etc/group, /etc/passwd, /etc/shaddow and /etc/sudoers (etc) were implied* when I was talking about user and groups as without those files, additional users and groups couldn't exist. It's a little like discussing cron while ignoring crontab.
Also, no ACL is controlled purely by the file system. In linux, you can completely ignore Windows file system ACLs. It's all just OS controlled (if memory serves; usually at the kernel level)
*particularly as I'm discussing this with another Linux techy. Some who should be fully aware of the aforementioned config files.
The vast majority of of security holes happen in user space anyway so the ability to mod your own kernel doesn't really add any noteworthy security benefits.

Yeah but those are not ACLs. I was talking about (and I'm correcting myself) Owner/User/Others, I originally had users but it's Other. Those are file permissions, which could be used as ACLs.

if you want to get down to it, chmod/chown/ect... aren't ACL tools and I'm going to say aren't related to ACLs. Even though they are close, we created a separate set of ACL tools. If chown/chmod/ect... were ACL tools then why didn't we just expand them when we introduced "ACLs"? Because none of that is considered ACLs.

I do stand corrected that distributions don't ship with it, however they don't ship with it actively set up. in general, most of the linux world doesn't use them. The only ones who do are probably the super picky or the ones that get it shipped and actively set up.


[edit] I hate doing this but I'm too lazy to find a "credible source", however I'm sure this is spot on.
Code:
An access control list (ACL), with respect to a computer file system, is a list of permissions attached 
to an object. An ACL specifies which users or system processes are granted access to objects, as well as 
what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an 
operation. For instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to 
delete the file.

ACLs are attributes handled by purely the FS you use. Such as EXT3 for example, and the FS has to support ACLs.
Code:
There are two experimental implementations of NFSv4 ACLs for Linux: NFSv4 ACLs support for Ext3 filesystem[5] and recent Richacls,[6] which brings NFSv4 ACLs support for Ext4 filesystem.

I do believe EXT4 just recently got the go for it to be included and ran in the kernel. The reason chmod/chgrp/chown and the likes are not ACLs is they have functions that depend on the OS outside of the FS. An ACL has all it's function within the FS, as natural FS functions.
Edited by mushroomboy - 3/14/12 at 12:02pm
Current Rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
FX-8350 4.6GHz@1.44v GA-990FXA-UD3 R4.0 HD 7950 (1100/1450) 8G Muskin DDR3 1866@8CLS 
Hard DriveOptical DriveOSMonitor
1TB WD LiteOn DVD-RW DL Linux/Windows 19" Phillips TV 1080p 
PowerCaseMouseMouse Pad
OCZ 600W Generic Junk Logitech MX400 Generic Junk 
Audio
SBL 5.1 
  hide details  
Reply
Current Rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
FX-8350 4.6GHz@1.44v GA-990FXA-UD3 R4.0 HD 7950 (1100/1450) 8G Muskin DDR3 1866@8CLS 
Hard DriveOptical DriveOSMonitor
1TB WD LiteOn DVD-RW DL Linux/Windows 19" Phillips TV 1080p 
PowerCaseMouseMouse Pad
OCZ 600W Generic Junk Logitech MX400 Generic Junk 
Audio
SBL 5.1 
  hide details  
Reply
post #23 of 24
Quote:
Originally Posted by mushroomboy View Post

The reason chmod/chgrp/chown and the likes are not ACLs is they have functions that depend on the OS outside of the FS. An ACL has all it's function within the FS, as natural FS functions.
ACLs still depend on the OS to enforce them - that that respect they're no different to chown / chmod. The point you keep missing is that a file system itself cannot stop someone from access / deleting / whatever. It can only hold metadata for the OS to manage who can access / delete / whatever. Thus if you locked a file right down so that nobody could read it, then there's nothing stopping me booting from a LiveCD and running a low level disk scan; reconstructing the file from that.

At the end of the day, if you have physical access to the HDD, then no amount of ACLs will secure your data (if you want that level of data security then you should have encrypted your storage pools). ACLs need a cooperating OS to function.

I've said this a dozen times now and even given a practical example to illustrate this point (re Linux ignoring Windows ACLs when mounting NTFS volumes via it's ntfs-3g FUSE module) yet you keep coming back to the old wives tail that ACLs some how magically work independent of the OS.
post #24 of 24
Most virus programs and hackers are written or operate from a Linux based machine. Why write a virus for a machine that you are using with the risk of infecting your own machine? Its counter productive. Millions of people use Windows. That's where the stupid masses leave tonnes of personal information like credit card numbers, passwords, bank accounts open. please understand that I am not calling every Windows User stupid. This is of course dependent upon the user themself and whether or not they leave pages with their bank passwords and accounts open along with their credit card account open in another window all the while download crud from Frostwire and looking at pr0n. This person has no clue that I am using the Frostwire program to infiltrate his system and look at what he is looking at on his bank statements and credit card and wow look he's got $18k in the bank and oh wow there's his checking account number and routing number and log in and password for money transferring. Thanks Joe!
Red Steel
(19 items)
 
Blue Butterfly
(14 items)
 
 
CPUMotherboardGraphicsRAM
AMD Phenom II X6 1090T >STOCK< Asus CROSSHAIR V FORMULA-Z EVGA GTX770 SC Avexir Core Series 8GB 240-Pin DDR3 SDRAM DDR3 ... 
Hard DriveHard DriveHard DriveHard Drive
Seagate 250GB SATA III MLC Internal Solid State... Seagate Barracuda 7200.10 ST3250310AS 250GB 720... SAMSUNG SpinPoint T Series HD320KJ 320GB 7200 R... Seagate Barracuda 7200.10 ST3500630AS 500GB 720... 
Optical DriveCoolingOSMonitor
Lightscribe DVD/RW Cooler Master Hyper 212+ in Push/Pull Windows 10 Pro 64 bit Phillips 32" LCD Flatscreen @ 1920x1080 
KeyboardPowerCaseMouse
Ducky DK1008 w/ Cherry MX Bkack Switches Corsair CX750M HAF 922 Custom Painted Logitech G502 Proteus Core 
Mouse PadAudioOther
Ratpadz XT EACH G2000 Lamptron FC6 Fan Controller 
CPUMotherboardGraphicsRAM
AMD Phenom II X4 955 Black Edition Deneb 3.2GHz ASUS M4A79T Deluxe AM3 Asus R7 260X OC 2GB G.SKILL Ripjaws Series 6GB (3 x 2GB) 240-Pin DD... 
Hard DriveOptical DriveCoolingOS
>>320GB with a 1TB External<< >>DVD/RW<< Xigmatek Dark Night  >>Windows 7 Ultimate 64bit<< 
MonitorKeyboardCaseMouse
>>22" Westinghouse WS<< CM Storm Devastator MB24 >>Antec 902 w/ Blue LED Fans<< CM Storm Devastator MS2K 
  hide details  
Reply
Red Steel
(19 items)
 
Blue Butterfly
(14 items)
 
 
CPUMotherboardGraphicsRAM
AMD Phenom II X6 1090T >STOCK< Asus CROSSHAIR V FORMULA-Z EVGA GTX770 SC Avexir Core Series 8GB 240-Pin DDR3 SDRAM DDR3 ... 
Hard DriveHard DriveHard DriveHard Drive
Seagate 250GB SATA III MLC Internal Solid State... Seagate Barracuda 7200.10 ST3250310AS 250GB 720... SAMSUNG SpinPoint T Series HD320KJ 320GB 7200 R... Seagate Barracuda 7200.10 ST3500630AS 500GB 720... 
Optical DriveCoolingOSMonitor
Lightscribe DVD/RW Cooler Master Hyper 212+ in Push/Pull Windows 10 Pro 64 bit Phillips 32" LCD Flatscreen @ 1920x1080 
KeyboardPowerCaseMouse
Ducky DK1008 w/ Cherry MX Bkack Switches Corsair CX750M HAF 922 Custom Painted Logitech G502 Proteus Core 
Mouse PadAudioOther
Ratpadz XT EACH G2000 Lamptron FC6 Fan Controller 
CPUMotherboardGraphicsRAM
AMD Phenom II X4 955 Black Edition Deneb 3.2GHz ASUS M4A79T Deluxe AM3 Asus R7 260X OC 2GB G.SKILL Ripjaws Series 6GB (3 x 2GB) 240-Pin DD... 
Hard DriveOptical DriveCoolingOS
>>320GB with a 1TB External<< >>DVD/RW<< Xigmatek Dark Night  >>Windows 7 Ultimate 64bit<< 
MonitorKeyboardCaseMouse
>>22" Westinghouse WS<< CM Storm Devastator MB24 >>Antec 902 w/ Blue LED Fans<< CM Storm Devastator MS2K 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Linux, Unix
Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Linux, Unix › Is Ubuntu safer than Windows against hacking/viruses?