For more information about Linux network security limitations-Linux Enterprise applications-Linux server applications, see the following. Linux provides a shortcut for developing operating systems in other countries outside the United States. The main reason is that the source code of the Linux operating system is open. The operating system developer can freely modify the source code and translate it from the new binary machine code, that is to say, users can modify the source code of the system and network security according to their own needs, so that they can easily own their own version of the operating system. Especially in terms of network security, the open source code of Linux's firewall and other network security protocols allows merchants to better understand the vulnerabilities and vulnerabilities of operating system security, enhance security by modifying source code. However, the open source code alone cannot solve the problem of network insecurity. The GCC and Linux Kernel (Kernel) programs that compile source code have many weaknesses, this causes the Linux system program hiding behind the firewall to be vulnerable to cyberattacks.
The firewall only provides the most basic network protection.
The main purpose of the firewall is to block unnecessary ports and filter network communication data. However, as long as there are open ports, network attacks are inevitable. For example, the network server port is usually port 80. The main task of the network server is to send a webpage to the user, so it must be activated all day. Hackers can easily attack the server through the firewall through port 80 through the HTTP protocol that browses the web page. For example, the firewall is like a dense wire mesh. Although it can block the attack by the wolf, the tiger, and the leopard, it can still easily pass through the horse bee.
Internal GCC vulnerabilities make servers vulnerable to attacks
Since GCC originated in the pre-network era, it is not prepared for many special situations derived from the network. GCC has many internal weaknesses, including the failure of the output command printf to check the special status and the failure of checking the value range of parameter values. These two points will easily cause a breakthrough in the memory address. The Linux Server compiled by GCC naturally carries the GCC weakness. This situation is very similar to hereditary genetic diseases, as long as it is compiled by GCC programs that have this genetic weakness. After port 80, the hacker can send an odd value to the printf of the server or input an extremely large or ultra-small value to other memory parameter values through the HTTP protocol, the server program will randomly read the memory address and content in the memory when it is overwhelmed by this special state, after obtaining the memory address, hackers can modify it for various illegal purposes, such as modifying the webpage content and paralyzing the server.
GCC is the main source code compilation program for Linux, Unix, and BSD systems.
Most of my friends who have taken computer programming courses have used GCC. GCC is a large program that compiles binary code in C/C ++ and other languages. The Unix family has three independent members: Unix at AT&T, BSD at UC Berkley, and Linux. GCC is currently the main tool for compiling Unix operating systems. There are countless servers compiled by GCC around the world. That is to say, hackers can attack a very large group of objects.
Governance
The GCC vulnerability can be compensated by modifying the source code. For example, if you perform parameter value range detection for all user input parameters in the source code of the network server, the super large and super small input values will not pass. However, this method will greatly increase the number and complexity of source code, which is time-consuming and difficult to maintain. The improvement of GCC compiler programs is a better way. For units with Linux, you can easily upgrade the security level to a new level by using the new version of GCC with improved security for existing source code. At present, there are multiple organizations and individuals in the world who are working on the research and development of GCC improvement. Immunix (immune Unix) in the United States is currently the world's first high-tech company to commercialize the GCC release version. The GCC Improvement Program of the company belongs to the GPL protocol, that is, the source code for the GCC modification and improvement of the compiler is also open.
The prospect of network security is not optimistic.
Although several major vulnerabilities can be supplemented by modifications to GCC, there are still many potential vulnerabilities due to the huge GCC program. As the saying goes: "The sky is high, and hackers around the world are studying the potential vulnerabilities in GCC, Linux, and Microsoft operating system kernels, the current situation of network security is "easy to attack and defend against". After discovering new vulnerabilities, hackers can quickly launch large-scale attacks, however, the vulnerability discovery and subsequent remedial measures are relatively slow.
The author believes that the development of independent operating systems and the autonomy of source code are encouraging, but the learning and understanding of source code compilation programs are equally important.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
