Monday, November 29, 2010

On the Inherent Limits of Linux Network Security

For countries other than the United States, Linux provides a shortcut to developing an independent operating system.

This is mainly because the source code of the Linux operating system is open: operating system developers can freely modify the source code and recompile it into binary machine code. Users can therefore study and modify the system and network security source code according to their own needs, and so easily have their own version of the operating system. In network security especially, the openness of the source code for the Linux firewall and other network security protocols makes it easier for vendors to find the operating system's security weaknesses and vulnerabilities and to modify the source code to strengthen security.

But disclosing the source code does not by itself solve the problem of network security. The GCC compiler used to compile the source code, and the Linux kernel itself, have many weaknesses, so a Linux system hidden behind a firewall is still extremely vulnerable to network attacks by hackers. A firewall provides only basic network protection: its primary purpose is to block unnecessary ports and network traffic. As long as one port is open, network attacks are inevitable. Take the web server of a typical organization. Its port, usually port 80, must stay open around the clock, because the server's main task is to send web pages to users. A hacker who simply browses the site over HTTP passes through the firewall to port 80 on the server. A firewall is like dense barbed wire: it can stop large animals, but a wasp or a mosquito still passes through easily.

GCC's inherent weaknesses leave servers open to attack. GCC dates from before the network, so in many cases it is unprepared for the special situations a network produces. GCC has many inherent weaknesses, including insufficient checking of special conditions in the output command printf and insufficient range checking of the values passed as parameters. These two shortcomings allow memory addresses to be breached easily. Linux server programs compiled by GCC carry GCC's weaknesses. The situation closely resembles a hereditary disease: any program compiled by GCC has this inherited weakness. Through port 80, a hacker can use HTTP to send the server's printf unusual values, or to supply extremely large or extremely small values for other parameters held in memory. In this special state the server program reads and writes memory addresses arbitrarily, and the hacker can modify the memory addresses reached, achieving illicit ends that range from altering page content to paralyzing the server.

GCC is the main compiler for Linux, Unix and BSD systems, and most people who have taken a computer programming course have used it. It is a large program that compiles C/C++ and some other languages into binary code. The Unix family has three independent members: Unix from the American Telephone and Telegraph Company (AT&T), BSD from the University of California, Berkeley (UC Berkeley), and Linux. GCC is the main compilation tool for the Unix family of operating systems, and servers all over the world run programs compiled by GCC, which means the group of targets hackers can attack is very large.

As a temporary solution, GCC's vulnerabilities can be covered by modifying the source code. If the web server's source code range-checks every parameter that comes from user input, extremely large and extremely small input values will not get through. But this approach greatly increases the size and complexity of the source code, is time-consuming, and makes the code hard to maintain. Improving the GCC compiler itself is the better way.
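
The source-level fix described above, as an added example that is not code from the original article: a client-supplied parameter is range-checked before it is used as an index, and client text is handed to a printf-family function as data rather than as the format string. The function names, the table and its size are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ITEMS 16   /* constructed size; all names here are hypothetical */
static int table[MAX_ITEMS];

/* Parse a decimal request parameter; accept it only inside [lo, hi].
 * Returns 0 and stores the value on success, -1 on any rejection. */
int parse_ranged(const char *text, long lo, long hi, long *out)
{
    char *end;
    if (text == NULL)
        return -1;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (errno == ERANGE || end == text || *end != '\0' || v < lo || v > hi)
        return -1;   /* overflow, not a clean number, or outside the range */
    *out = v;
    return 0;
}

/* Write to a client-chosen slot only after the index passed the range check. */
int store_item(const char *index_param, int value)
{
    long idx;
    if (parse_ranged(index_param, 0, MAX_ITEMS - 1, &idx) != 0)
        return -1;
    table[idx] = value;
    return 0;
}

/* Build a log line. Client text is an argument to "%s", never the format
 * string, so conversion specifiers inside it are copied, not interpreted. */
int format_log(char *dst, size_t cap, const char *client_text)
{
    int n = snprintf(dst, cap, "client said: %s", client_text);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    char line[64];
    if (store_item("15", 7) == 0 && format_log(line, sizeof line, "%x%n") > 0)
        puts(line);
    return 0;
}
```
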
An organization that runs Linux need only recompile its existing source code with a new, security-improved version of GCC to raise its security to a new level easily. Many organizations and individuals are currently working on research and development to improve GCC. Immunix of the United States (the name suggests "immune Unix") is the world's first high-tech company to commercialize an improved version of GCC. The company's GCC improvements fall under the GPL, which means that its modifications to the GCC compiler source code are themselves open to the public.

The prospects for network security are not optimistic. Although several major vulnerabilities can be closed by modifying GCC, GCC is a very large program, and many potential vulnerabilities may still exist. As the saying goes: "the road always prevails over the force of Justice". Hackers around the world are painstakingly researching potential vulnerabilities in GCC and in the Linux and Microsoft operating system kernels. The current state of network security is "easy to attack, difficult to defend": once hackers discover a new vulnerability they can quickly launch a massive attack, while discovery of the vulnerability and the subsequent remedies are relatively slow. The author believes that China's development of its own operating system and ownership of the source code is something to be encouraged, but that the program used to compile the source code also needs to be studied and understood.
