Security quotes of the week
Posted Jun 5, 2012 0:18 UTC (Tue) by vonbrand
In reply to: Security quotes of the week
Parent article: Security quotes of the week
>> And the fact that Windows 7 is vulnerable is relevant for Linux/Unix security because...
> ... it is/was/can be a POSIX system?
Nobody sane uses the POSIX system on Windows. And again, whether the POSIX system of Windows 7 is easy to subvert has next to no bearing on Linux' security
> ... it is widely used in desktops and in servers?
Again, if Windows 7 is widely used (or not) has no relation whatsoever to Linux' security.
> ... in this discussion, people keep bringing "you cannot trust Linux with your data" when, in reality, you cannot trust any OS with your data because there is no such thing as a secure multiuser system?
Sure, if we accept that there are no secure multiuser systems then Linux isn't secure. But that begs the question.
> ... my example "privilege escalation Windows 7" could have been "privilege escalation OSX" or "privilege escalation Linux" or even "privilege escalation OpenBSD" and the results would have been analogous?
Sorry, it isn't enough to ask people to go looking on Google for random problems to prove your point. If you do have a recent example of a way to leverage non-privileged user shell access to root on a reasonably installed (for example, default configuration for a development station on an up to date(ish) mainline distribution, no "disable SELinux" nor "install random junk"), I'd listen. But only given enough details to repeat the feat. And the OpenBSD folks will sure be very interested if you pull it off on their system.
Extraordinary claims require extraordinary proof.
Sorry, not by a long shot.
to post comments)