Comment Re:super (Score 4, Informative) 584
I can see how moving a service like this into the kernel could have stability implications, but you didn't say anything about that
You obviously didn't read the first line of my post, so here it is again:
good thing IIS has proven itself both secure and stable. otherwise, this could really be an issue
I could have sworn that 10th word is stable, my bad.
Concerning security, you're partially correct. Running the HTTP stack in kernel mode doesn't make it inherently less secure. It does allow any subsequent exploit to run without any of the protections built into the OS, though (don't even try to tell me that that won't happen, either. Network stack code is notoriously susceptible to buffer overflow). Want to destroy the partition table? Easy, just access the drive directly. Access kernel data structures? Sure, kernel memory is wide open. Pass bullshit to the hardware to try and get it to fail? OK, the system bus is yours. And, I could be wrong, but I'm fairly sure that kernel-level access is all that's required to update the system BIOS, which could be especially nasty. Finally, causing a system crash is trivial, as the OS is no longer able to kill/deny the HTTP stack process when it tries to do something it shouldn't. But, isn't that stability and not security?!? The truth is that it, and virtually all the other things I brought up, are BOTH. A lack of stability is a security risk and vice versa, as anyone who has suffered a ping-of-death style DoS attack will gladly tell you.
Honestly, I don't hate Microsoft. As you noted, they have been extremely successful and I respect that. It just irks me that they seem entirely willing to unleash bug-ridden code without much thought for what happens when said bugs are used to compromise a substantial chunk of the systems on the net. Running an application-level network protocol stack in the kernel is just one of many examples of this. Another good one was their narrowly thwarted attempt to allow any user process access to raw IP sockets in XP, which would have exponentially increased the difficulty in dealing with DDoS attacks. Even a little forethought on their part on issues like this would go a long way, and it's a shame that they don't use it.
Hope I answered your question.