delphij's Chaos

选择chaos这个词是因为~~实在很难找到一个更合适的词来形容这儿了……

12 Feb 2005

An vulnerability, a threat, and you lose root, that's Linux.

Every quarter we got the same news: Linux did it again!

Yes, they DID it again. Many sites became victim during the last scan of awstats vulnerability, the most famous ones are www.phpbb.com, and moto.debian.org.tw, etc. You can Google the cracker organization and find more.

Why Linux is again and again vulnerable to these hack attempts? Why other systems doesn’t have such serious security issues even when an exploit is published? The answer is apparant: Linux did worst ever, among all Operating Systems, even when you include Windows. Imagine, a kernel which can permit normal users to gain root privilege.

So what’s the problem Linux’ers have?

  • Continously ignore the suggests for best security practices and warnings from security professionals.
  • Lack of serious code audit process, which tend to permit bogous code get committed to their BitKeeper repository (hey, yes, it got hacked in 2003!)
  • Trumpet security without ever think about it. Linuxers flame Windows, and almost every other systems, but they can’t even find out and fix the buffer overruns in their *kernel*. Yes, even a kernel is not maintainable.
  • The fatal problem is they keep rewriting major components because they NEVER try to design something before coding.

Linux “hackers” are coders, no architects, no professionals, just some student who did not even tried to read TAOCP! Try true operating systems, like FreeBSD, DragonFlyBSD, or even Windows, they take things seriously, unlike Linux, which is GPL’ed and disallows others from using your code in commercial products!