Post by Menno Duursma
Post by Ãurgüu
but he misses the point: like Linus Torvalds said in a recent
article "Linux is good enough"...
At doing what?
Anything. IMHO, Linux is excellent as a workstation, and excellent as a
[web|database|file|print] server.
Well, I agree. But what about: Games? Smilies in MSN clients? Etc ...
Post by Menno Duursma
Post by Ãurgüu
for, let's say, 90% of users.
Users of what kind of applications?
See above.
Not everybody (or IME even 90%) uses their computer(s) for those things.
Post by Menno Duursma
Post by Ãurgüu
For the 10% of users who demand iron-clad security out of the box,
No. since is not _verifiably_ correct (like GEMSOS or EROS are.)
True, but IMHO, I think you contradict yourself with the following
I don't think so. As "iron-clad security" /no/ Unix-like system can
provide. (Unless you turn them off.)
Post by Menno Duursma
It is a *free* general purpose Unix-like system (just as Linux) in
_that_ category of OSs, it has the best security track- record, yes.
And a track record is what you are looking for, if you want some serious
security.
That depends; "security" about what? That it will run on your 8way server
or that you won't lose your job for using it? And so on. Or a feeling of
that your systems are safe from crackers? Or actual correctness?
EROS, for instance, may be 'correct' (whatever that means),
It means the security model it implements can be proven to be valid.
but AFAIK, it's not used much outside of a very small academic
community.
If you know large corporate/governmental users of EROS, I'll be happy to
be corrected. OpenBSD, on the other hand, is used by many corporations
(Adobe Software, for one) and by governmental agencies both in the USA
(DoJ) and outside of it.
That's all very nice (FWIW I use it myself too) but it doesn't change the
fact that it's not a secure system. (Nor is Linux or most others.)
Post by Menno Duursma
However it lacks security /policy/ enforcement features (like ACLs.)
Well, if ACLs were the be-all and end-all in security,
They're not. It adds some though, and for company wide SMB file-servers
you might not have much of a choice.
Windows would be very secure, since it implements fine-grained ACLs. But
1/ They are only as good as the OS they are implemented on.
Yep. If you need more than Unix provides, maybe look at: Trusted VMS,
Trusted Solaris, SELinux or whatever.
Windows implements ACLs, and it's still insecure.
So does BOS and (AFAICT) it's programmatically _very_ secure but people
cleartext Telnet and FTP into it: there you go.
MS-Windows has service daemons fully listening/servicing with LocalSystem
privileges (some even kernel-mode) and just the concept of "user" Unix
has, so any process gets the privileges of the user that spawned it: one bug
in any of those apps ... the whole system; any bug in a user app: ...
anything that user had write access to.
2/ In a production environment, ACLs can be a pain in the neck to
configure correctly.
I know.
A newbie SysAdmin can actually open security holes if he incorrectly
's/A newbie SysAdmin/Any SysAdmin/'
configures ACLs on his machines. UN*X three-tiered authorizations
(owner / group / everybody) are (still IMHO) easier to maintain and
configure.
Certainly. So are libwrap (tcp wrapper) network ACLs as compared to PF,
but OpenBSD doesn't implement them either (except for "sshd" that is.)
--
-Menno.