There was a hole in the wall

January 20th, 2004 § 4 comments

Just the other day I was doing a favor for a friend of mine who owns a marketing company when I stumbled upon a thing that showed once again how Windows is much more unsafe than Linux or any other decent OS if installed with its default options.

Since that friend doesn’t know much about programming, she asked me to create some scripts for the site of one of her clients. The site is hosted in one of the biggest hosting providers in Brazil, both in terms of customers and infrastructure, which shall remain unnamed to protect the not so innocent. At some point, one of the scripts gets a file uploaded to the server and forwards it to a specific e-mail address. So far, so good. It’s just a question of hooking two components together.

However, when I started creating the script, I found that I didn’t know where to temporarily store the files, before they were sent to the correct e-mail address and deleted from the server. It was a bit past midnight, and I had no way to ask support. Since I was using a programming language that has no command to retrieve the current directory, I just used the simple and dirty way to find where the file is running from: I caused an error. With the directory at hand, I tried to save a file to it. It worked. Considering that that language also lacks any kind of protection against that kind of thing, I wasn’t bothered. So, just for fun, I tried to save the file at C:\Temp. To my surprise, it just worked.

All right, accessing C:\Temp isn’t a big deal, even though it wasn’t supposed to happen. So, I decided to go further, and tried to access C:\WINNT. As incredible as that may sound, this directory was completely accessible, with full reading and writing rights. If that is not a security hole, I don’t know what a security hole is.

In short, a user with a simple FTP password can easily compromise the machine, which is part of a much bigger cluster. Even a user with proper access to the site can easily damage the machine by mistake. And some people still say Windows is safe.

§ 4 Responses to "There was a hole in the wall"

  • Anders says:

    I must admit – yeah – that is a massive security hole. It’s very rare for professional ISPs to run Windows, though, isn’t it? My provider, http://www.pair.com, is running FreeBSD/NetBSD and has done for the last 5-6 years at least with very good success (stability, security etc.)… They come with my highest recommendations! I’m assuming that on WinNT IIS can run as some other user (with no Administrator privileges); like the http daemon can run as “nobody” on Linux/NetBSD…

  • Ronaldo says:

    As surprising as it may sound, here in Brazil almost all hosting providers offer Windows as an option — although usually at a price higher than Linux. Also, from what I’ve seen in my years as a Web developer, Windows is the dominant platform because it’s easier to find people that develop for it than for Linux. But that’s been changing in the past few years as more people realize Linux is safer, cheaper and more powerful.

  • thomas says:

    I don’t think your example can be used as a proof that Windows is less secure than Linux… so the default MySQL installation uses ‘root’ for login and no password, does this mean that MySQL is unsecure? Well it can be, but definitely the default user/pass doesn’t prove anything. Your example just proves one thing, that there are lazy admins working at hosting providers in Brazil (yeah, I’m Brazilian too)

  • Ronaldo says:

    I understand what we are saying, but I disagree. MySQL is not part of the operational system, and all I said is that Linux is more secure than Windows in its *default* installation. MySQL is just an additional service. If you were comparing it to Microsoft SQL Server, which also installs with a blank password by default, I’d agree.

    The problem, however, is that Windows ships with all its folders and files generally unprotected, accessible by everyone who has access to the machine. Linux, on the other hand, ships with very strict permissions. To properly configure a Windows system with regards to its permissions, you’d have to go through a lot of hops and you’d be vulnerable again every time a new application is installed. So, Linux is indeed safer than Windows in its default configuration.


You are currently reading There was a hole in the wall at Reflective Surface.
