On Mon, Jul 14, 2014 at 12:10 PM, Les Mikesell <lesmikesell at gmail.com> wrote:

> On Mon, Jul 14, 2014 at 11:47 AM, Andrew Wyatt <andrew at fuduntu.org> wrote:
> >
> >>
> >> Anyway, he also seems determined to see it all as black and white, rather
> >> than looking at the *much* larger set of bugs and vulnerabilities that
> >> Windows Server has had than any version of 'Nix. Sure, we have some... but
> >> a *lot* fewer, and overwhelmingly far less serious.
> >>
> >> mark
> >>
> >>
> > Yup, overwhelmingly less serious.
> >
> > http://heartbleed.com/
> >
> > Oh, wait.
>
> Openssl doesn't have much to do with Unix/linux. It is just one of a
> bazillion application level programs that you might run. Are you
> going to include all bugs in all possible windows apps in your
> security comparison?
>

OpenSSL is a library, not an application, but I understand where you're going with this. No, you wouldn't include all Windows apps, but you would include anything that's immediately available to Windows. Same principle here. We wouldn't measure Oracle, like we wouldn't SQL server but we would OpenSSL because it's available in the repo and not third party.

>
> But init/upstart/systemd are very special things in the unix/linux
> ecosystem. They become the parent process of everything else. For
> everything else, the only way to create a process is fork(), with its
> forced inheritance of environment and security contexts.
>

Yes, they sure are, you're right about that. Without an init (of any kind), you only have a kernel. You don't have mounted filesystems, or anything else.

>
> In any case, giant monolithic programs that try to do everything
> sometimes become better than a toolbox, but it tends to be
> rare. First, it takes years to fix the worst of the bugs - but maybe
> that has already happened in fedora... And after that it is an
> improvement only if the designers really did anticipate every possible
> need. Otherwise the old unix philosophy that processes are cheap -
> if you need another one to do something, use it - is still in play.
> If you need something to track how many times something has been
> respawned or to check/clean related things at startup/restart you'll
> probably still need a shell there anyway.
>
>

It's very rare. I wasn't speaking to this though in this instance, I was only speaking to Windows security not being any better or worse than anything else. Security is only as good as your admins and your implementation. It's also an on-going process on any platform. I was just pointing out that it's beyond silly to "because windows is less secure!".

> --
> Les Mikesell
> lesmikesell at gmail.com