
Re: Is Unix security really so weak?

From: Guido Stepken <stepken_at_edina.xnc.com>
Date: 1997/04/03
Message-ID: <33440BF6.6D58E0F3@edina.xnc.com>#1/1

UNIX has known flaws, mostly exploitable by insiders who have user accounts.
There are just a very few ones known to be a problem by outsider attacks.
UNIX is modular. You can remove everything which is not bullet proof. LINUX, FreeBSD, BSDI, NETBSD, OPENBSD are so modular that you can even remove everything from the kernel (e.g. IPX), so that no intruder can activate
features that will do any serious harm to further network servers, e.g. NOVELL > 3.12.
WINNT is definitely not bullet proof, is not modular (try to remove a DLL ;-)
You can always reactivate some services on an NT-Server. Microsoft denies security
problems. 1.5 Billion $ is an investment that costs, if they admit to having some real
conceptual security problems. (See Active-X, they tell JAVA is unsafe in the same
manner, like Active-X is...) Not my opinion.

Peter Luckock wrote:
>
> Hi.
>
> As an end-user I need access to Oracle SQL*Plus on a SUN/Solaris installation
> (sorry, I don't have version details). And a home directory. Nothing more.
>
> But wait! The Unix admin/support unit at my workplace tell me that what I'm
> asking for is impossible, "for security reasons".
>
> I'm now being told that NO user account in Unix is safe - that no matter how
> many controls are implemented by the superuser, even a humble end-user
> account could be used successfully to crack them all and evade detection. And
> the risk of this happening is serious enough to be of concern to auditors.
>
> I find this all rather implausible, especially for an OS that's been
> kicking around for 20 years. You'd think that companies like SUN would be
> very quick to plug any holes as big as that.
>
> Or, if my colleagues are right and Unix "security" is really an illusion,
> then why do we still use it? (How did the auditors ever approve it?)
>
> Perhaps it's just another case of the old "sorry, can't be done" excuse?
>
> Any thoughts, suggestions?
> Thanks
>
> Peter
> PS I'm a DOS/Windows/NetWare user unfamiliar with Unix.
Received on Thu Apr 03 1997 - 00:00:00 CST
