Question
While I was searching online for information about Linux security, the most typical explanation was: Linux is secure, because the root password is required to access the kernel and install new applications - therefore external malicious software can't do any harm as long as the administrator is the only person to know the password.
OK, that sounds good. But when a password is the only thing that stands between restricted access and total control of the system, is the system really that secure? By that I mean all kinds of tricks hackers think of to access systems, and particularly to reveal data (passwords).
Explanation / Answer
"Linux" (as some aggregate of all the installations) typically has quite a bit more than just a password denying external access.
First, there's a uniform set of discretionary access controls: read/write/execute permissions, for user/group/everybody else. Traditionally, these permissions are actually used, rather than ignored and/or worked around. Additionally, some subset of installations have SELinux installed, configured and working, so that finer-grained, access control list style of permissions is enforced.
Second, servers usually run as a designated special user. NTP processes run as user "ntp". Web server processes run as a user "http", MySQL databases run as a user "mysql", for example. The discretionary access controls described above almost always prevent the NTP user ID from doing much more than reading some of the HTTP user ID's files.
Third, the software installed base is highly fragmented. There's a huge number of different distributions. After that, not every installation runs Apache HTTPD, or sendmail SMTP server. There are alternatives, and there's usually only a plurality of installations with a given server. Versions of software are also highly fragmented. With every distribution compiling and maintaining its own choice of web server, it's very, very rare for two installations to run a server that has the same bugs, or even the same compilation options.
So, for instance, someone going after a Linux machine via WordPress password guessing can maybe guess the WordPress password. That might get the attacker something running as user "http" or "apache". Bad and horrifying as that might be, it's not everything. The "http" or "apache" user almost certainly can't overwrite very many files at all, only HTML and what have you in the DocumentRoot directory. It would take another leap, guessing the "root" password for some distributions, or exploiting a local privilege escalation, to get to some kind of universal file access.
This really is multiple layers, but note that it's mainly by culture and tradition, and it's also a sort of "herd immunity". It's always possible that some combination of exploits would yield root access on a given system, but that combination probably wouldn't apply to very many other systems.
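The first two layers in the answer (owner/group/other rwx bits, and services running as their own unprivileged users) can be modelled directly. The following is an added example, not code from the original post: it implements the classic Unix DAC decision and runs it over a constructed set of service accounts and files; the uids, gids, paths and modes are assumptions chosen for illustration.

```python
# Model of the Unix discretionary access control (DAC) check described
# in the answer: per-file owner/group/other rwx bits, evaluated for a
# requesting user. Users, files and modes below are constructed samples.
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within each rwx triplet


@dataclass(frozen=True)
class User:
    name: str
    uid: int
    gids: frozenset  # primary plus supplementary group ids


@dataclass(frozen=True)
class File:
    path: str
    owner_uid: int
    group_gid: int
    mode: int  # e.g. 0o644


def dac_allows(user: User, f: File, want: int) -> bool:
    """Classic DAC rule: uid 0 bypasses read/write (execute still needs
    at least one x bit); otherwise exactly one class (owner, group or
    other) applies and only that class's bits are consulted."""
    if user.uid == 0:
        return want != X or (f.mode & 0o111) != 0
    if user.uid == f.owner_uid:
        bits = (f.mode >> 6) & 7
    elif f.group_gid in user.gids:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bits & want == want


# Constructed sample: service accounts and a few files (assumed ids).
ROOT = User("root", 0, frozenset({0}))
HTTP = User("http", 33, frozenset({33}))
NTP = User("ntp", 123, frozenset({123}))
SHADOW_GID = 42

FILES = {
    "/srv/www/index.html": File("/srv/www/index.html", 0, 33, 0o664),
    "/etc/shadow": File("/etc/shadow", 0, SHADOW_GID, 0o640),
    "/etc/ntp.conf": File("/etc/ntp.conf", 0, 0, 0o644),
}


def writable_by(user: User) -> list:
    """Paths in the sample tree the given user may write to."""
    return sorted(p for p, f in FILES.items() if dac_allows(user, f, W))
```

With these samples the "http" user can edit only the DocumentRoot file, and neither "http" nor "ntp" can read /etc/shadow, which is the containment the answer is describing.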