|
|
| Author |
Message |
khrath
RealPoor Master of Posts
Joined: 11 Oct 2002
Posts: 8750
|
 Posted: 04/14/06 - 18:37 Post subject: security, win vs linux, systems calls running a web server
|
|
|
http://blogs.zdnet.com/threatchaos/?p=311
These guys made these maps up of the system calls made loading a single page with only a single image on it.
The first picture is of the system calls that occur on a Linux server running Apache.
<img src=http://blogs.zdnet.com/images/SysCallApachesmall.jpg>
The second image is of a Windows Server running IIS.
<img src=http://blogs.zdnet.com/images/SysCallIISsmall.jpg>
good god
|
|
|
Back to top
|
|
|
|
 |
kireol
RealPoor Master of Posts
Joined: 02 Aug 2003
Posts: 9517
Location: Royal Oak, MI
|
|
Posted: 04/14/06 - 19:02 Post subject:
|
|
|
|
ever wrote a program that displays "hello world" in windows before?
|
|
|
Back to top
|
|
|
|
|
Xieroth
RealPoor Sensei
Joined: 17 Oct 2002
Posts: 1902
|
|
Posted: 04/14/06 - 21:51 Post subject:
|
|
|
| kireol wrote: | | ever wrote a program that displays "hello world" in windows before? |
Looks the exact same way that it does in unix.
int main() {
cout << "Hello World!" << endl;
return 0;
}
*shrug*
As far as the system calls goes, it pretty much means nothing at all. Why?
1) This is IIS vs Apache NOT Windows vs Linux
2) Just because there are more doesn't mean it is inheritly less secure.
3) He doesn't explain anything about the system calls, and thus there is no real information given.
|
|
|
Back to top
|
|
|
|
|
kireol
RealPoor Master of Posts
Joined: 02 Aug 2003
Posts: 9517
Location: Royal Oak, MI
|
|
Posted: 04/14/06 - 22:40 Post subject:
|
|
|
| Xieroth wrote: | | kireol wrote: | | ever wrote a program that displays "hello world" in windows before? |
Looks the exact same way that it does in unix.
int main() {
cout << "Hello World!" << endl;
return 0;
}
*shrug*
As far as the system calls goes, it pretty much means nothing at all. Why?
1) This is IIS vs Apache NOT Windows vs Linux
2) Just because there are more doesn't mean it is inheritly less secure.
3) He doesn't explain anything about the system calls, and thus there is no real information given. |
ok, let me clarify for the smart asses.
in C++. real C++. without all the fancy schmancy addons plugins or wizards.
|
|
|
Back to top
|
|
|
|
|
Lumberg
RealPoor Guru
Joined: 17 Nov 2002
Posts: 4404
Location: i'm in ur base, i'm killin ur dudes
|
|
Posted: 04/14/06 - 22:59 Post subject:
|
|
|
duh
<html> Hello World <html>
|
|
|
Back to top
|
|
|
|
|
Mogling
RealPoor Guru
Joined: 29 Dec 2002
Posts: 2451
|
|
Posted: 04/15/06 - 02:11 Post subject:
|
|
|
| kireol wrote: | | Xieroth wrote: | | kireol wrote: | | ever wrote a program that displays "hello world" in windows before? |
Looks the exact same way that it does in unix.
int main() {
cout << "Hello World!" << endl;
return 0;
}
*shrug*
As far as the system calls goes, it pretty much means nothing at all. Why?
1) This is IIS vs Apache NOT Windows vs Linux
2) Just because there are more doesn't mean it is inheritly less secure.
3) He doesn't explain anything about the system calls, and thus there is no real information given. |
ok, let me clarify for the smart asses.
in C++. real C++. without all the fancy schmancy addons plugins or wizards. |
Maybe you should have said not a console aplication, as you know, hes totaly correct. a WIN32 console app thats really all you have to do other then like 1 #include
|
|
|
Back to top
|
|
|
|
|
motherface
RealPoor Guru
Joined: 12 Mar 2003
Posts: 3407
|
|
Posted: 04/15/06 - 02:36 Post subject:
|
|
|
| Code: | import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class GayServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) {
try {
response.getOutputStream().write("Gayness Supreme".getBytes());
} catch (IOException ie) {
ie.printStackTrace();
}
}
}
|
|
|
|
Back to top
|
|
|
|
|
Xieroth
RealPoor Sensei
Joined: 17 Oct 2002
Posts: 1902
|
|
Posted: 04/15/06 - 03:08 Post subject:
|
|
|
| kireol wrote: | | Xieroth wrote: | | kireol wrote: | | ever wrote a program that displays "hello world" in windows before? |
Looks the exact same way that it does in unix.
int main() {
cout << "Hello World!" << endl;
return 0;
}
*shrug*
As far as the system calls goes, it pretty much means nothing at all. Why?
1) This is IIS vs Apache NOT Windows vs Linux
2) Just because there are more doesn't mean it is inheritly less secure.
3) He doesn't explain anything about the system calls, and thus there is no real information given. |
ok, let me clarify for the smart asses.
in C++. real C++. without all the fancy schmancy addons plugins or wizards. |
umm a*****e that is real C++ without any fancy GUI libraries at all. So f**k off. I left out the include.
oh and the include I didn't write would be #include <iosteam.h>
But here lets write it in C.
#include <stdio.h>
int main() {
printf("Hello World!\n");
return(0);
}
|
|
|
Back to top
|
|
|
|
|
khrath
RealPoor Master of Posts
Joined: 11 Oct 2002
Posts: 8750
|
|
Posted: 04/15/06 - 09:28 Post subject:
|
|
|
| Xieroth wrote: | | kireol wrote: | | ever wrote a program that displays "hello world" in windows before? |
Looks the exact same way that it does in unix.
int main() {
cout << "Hello World!" << endl;
return 0;
}
*shrug*
As far as the system calls goes, it pretty much means nothing at all. Why?
1) This is IIS vs Apache NOT Windows vs Linux
2) Just because there are more doesn't mean it is inheritly less secure.
3) He doesn't explain anything about the system calls, and thus there is no real information given. |
the poit of the article was to show why windows is HARDER to make secure than linux, when coding.
|
|
|
Back to top
|
|
|
|
|
Xieroth
RealPoor Sensei
Joined: 17 Oct 2002
Posts: 1902
|
|
Posted: 04/15/06 - 10:23 Post subject:
|
|
|
| khrath wrote: | | Xieroth wrote: | | kireol wrote: | | ever wrote a program that displays "hello world" in windows before? |
Looks the exact same way that it does in unix.
int main() {
cout << "Hello World!" << endl;
return 0;
}
*shrug*
As far as the system calls goes, it pretty much means nothing at all. Why?
1) This is IIS vs Apache NOT Windows vs Linux
2) Just because there are more doesn't mean it is inheritly less secure.
3) He doesn't explain anything about the system calls, and thus there is no real information given. |
the poit of the article was to show why windows is HARDER to make secure than linux, when coding. |
IT ISN'T WINDOWS d*****t!!!!
IIS VS APACHE!
|
|
|
Back to top
|
|
|
|
|
kireol
RealPoor Master of Posts
Joined: 02 Aug 2003
Posts: 9517
Location: Royal Oak, MI
|
|
Posted: 04/15/06 - 12:20 Post subject:
|
|
|
| Xieroth wrote: | | khrath wrote: | | Xieroth wrote: | | kireol wrote: | | ever wrote a program that displays "hello world" in windows before? |
Looks the exact same way that it does in unix.
int main() {
cout << "Hello World!" << endl;
return 0;
}
*shrug*
As far as the system calls goes, it pretty much means nothing at all. Why?
1) This is IIS vs Apache NOT Windows vs Linux
2) Just because there are more doesn't mean it is inheritly less secure.
3) He doesn't explain anything about the system calls, and thus there is no real information given. |
the poit of the article was to show why windows is HARDER to make secure than linux, when coding. |
IT ISN'T WINDOWS d*****t!!!!
IIS VS APACHE! |
in case you havent seen the intraweb in the last 10 years or so, Windows/IIS and Linux/Apache get compared all of the time. Also in case you havent heard, IIS is a PROGRAM written for the WINDOWS operating system.
|
|
|
Back to top
|
|
|
|
|
kireol
RealPoor Master of Posts
Joined: 02 Aug 2003
Posts: 9517
Location: Royal Oak, MI
|
|
Posted: 04/15/06 - 12:23 Post subject:
|
|
|
oh and also
| Code: | // hello.cpp : Defines the class behaviors for the application.
//
#include "stdafx.h"
#include "hello.h"
#include "hellodlg.h"
#ifdef _DEBUG
#undef THIS_FILE
static char BASED_CODE THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CHelloApp
BEGIN_MESSAGE_MAP(CHelloApp, CWinApp)
//{{AFX_MSG_MAP(CHelloApp)
//}}AFX_MSG
ON_COMMAND(ID_HELP, CWinApp::OnHelp)
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CHelloApp construction
CHelloApp::CHelloApp()
{
}
/////////////////////////////////////////////////////////////////////////////
// The one and only CHelloApp object
CHelloApp theApp;
/////////////////////////////////////////////////////////////////////////////
// CHelloApp initialization
BOOL CHelloApp::InitInstance()
{
// Standard initialization
SetDialogBkColor(); // Set dialog background color to gray
LoadStdProfileSettings(); // Load standard INI file options (including MRU)
CHelloDlg dlg;
m_pMainWnd = &dlg;
int nResponse = dlg.DoModal();
if (nResponse == IDOK)
{
}
else if (nResponse == IDCANCEL)
{
}
// Since the dialog has been closed, return FALSE so that we exit the
// application, rather than start the application's message pump.
return FALSE;
}
|
|
|
|
Back to top
|
|
|
|
|
khrath
RealPoor Master of Posts
Joined: 11 Oct 2002
Posts: 8750
|
|
Posted: 04/15/06 - 12:35 Post subject:
|
|
|
| Xieroth wrote: | | khrath wrote: | | Xieroth wrote: | | kireol wrote: | | ever wrote a program that displays "hello world" in windows before? |
Looks the exact same way that it does in unix.
int main() {
cout << "Hello World!" << endl;
return 0;
}
*shrug*
As far as the system calls goes, it pretty much means nothing at all. Why?
1) This is IIS vs Apache NOT Windows vs Linux
2) Just because there are more doesn't mean it is inheritly less secure.
3) He doesn't explain anything about the system calls, and thus there is no real information given. |
the poit of the article was to show why windows is HARDER to make secure than linux, when coding. |
IT ISN'T WINDOWS d*****t!!!!
IIS VS APACHE! |
it doesnt have ot be apache or iis
the point of it all was to show how many system calls windows uses on average, versus linux. More system calls = harder to secure your code.
|
|
|
Back to top
|
|
|
|
|
Jukas
Toomuchtimeonhands
Joined: 19 Mar 2003
Posts: 896
|
|
Posted: 04/15/06 - 12:53 Post subject:
|
|
|
| kireol wrote: |
in case you havent seen the intraweb in the last 10 years or so, Windows/IIS and Linux/Apache get compared all of the time. Also in case you havent heard, IIS is a PROGRAM written for the WINDOWS operating system. |
Not to nitpick, but there is an Apache port for Windoze.
It wasn't mind blowing, but it was kind of neat to see the difference between the two systems. I'd be curious to see if the Apache port for Win32 mirrors the IIS maping or the Linux Apache one.
|
|
|
Back to top
|
|
|
|
|
kireol
RealPoor Master of Posts
Joined: 02 Aug 2003
Posts: 9517
Location: Royal Oak, MI
|
|
Posted: 04/15/06 - 12:58 Post subject:
|
|
|
| Jukas wrote: | | kireol wrote: |
in case you havent seen the intraweb in the last 10 years or so, Windows/IIS and Linux/Apache get compared all of the time. Also in case you havent heard, IIS is a PROGRAM written for the WINDOWS operating system. |
Not to nitpick, but there is an Apache port for Windoze.
It wasn't mind blowing, but it was kind of neat to see the difference between the two systems. I'd be curious to see if the Apache port for Win32 mirrors the IIS maping or the Linux Apache one. |
ya, i run apache on both my windows and linux box. havent noticed much difference. but when web sites chose an OS they almost always choose the corosponding web server.
|
|
|
Back to top
|
|
|
|
|
kireol
RealPoor Master of Posts
Joined: 02 Aug 2003
Posts: 9517
Location: Royal Oak, MI
|
|
Posted: 04/15/06 - 13:07 Post subject:
|
|
|
http://www.centexhomes.com/Detroit/
| Code: | Microsoft VBScript compilation error '800a03e9'
Out of memory
/Detroit/M21518D1233.asp, line 0
|
speaking of IIS. now how am i supposed to go look at my new house?!
|
|
|
Back to top
|
|
|
|
|
Xieroth
RealPoor Sensei
Joined: 17 Oct 2002
Posts: 1902
|
|
Posted: 04/15/06 - 15:24 Post subject:
|
|
|
| kireol wrote: | http://www.centexhomes.com/Detroit/
| Code: | Microsoft VBScript compilation error '800a03e9'
Out of memory
/Detroit/M21518D1233.asp, line 0
|
speaking of IIS. now how am i supposed to go look at my new house?! |
ASP 3.0 (maybe 2.0 but I doubt it) error.
Not really IIS's fault, I'd blame the programmer.
|
|
|
Back to top
|
|
|
|
|
Xieroth
RealPoor Sensei
Joined: 17 Oct 2002
Posts: 1902
|
|
Posted: 04/15/06 - 15:25 Post subject:
|
|
|
I should note that at work I use OSX, Ruby, and Rails. 
|
|
|
Back to top
|
|
|
|
|
Occulis
RealPoor Jedi
Joined: 11 Oct 2002
Posts: 13293
Location: Moral Relativity Central
|
|
Posted: 04/17/06 - 09:59 Post subject:
|
|
|
| Xieroth wrote: | | I should note that at work I use OSX, Ruby, and Rails. |
I don't like RoR for a few reasons. Mostly, everyone I know who is a RoR fanatic is a douche bag. Here's a good article from a guy who loves RoR and works at Google.
http://beust.com/weblog/archives/000382.html
|
|
|
Back to top
|
|
|
|
|
Xieroth
RealPoor Sensei
Joined: 17 Oct 2002
Posts: 1902
|
|
Posted: 04/17/06 - 11:39 Post subject:
|
|
|
| Occulis wrote: | | Xieroth wrote: | | I should note that at work I use OSX, Ruby, and Rails. |
I don't like RoR for a few reasons. Mostly, everyone I know who is a RoR fanatic is a douche bag. Here's a good article from a guy who loves RoR and works at Google.
http://beust.com/weblog/archives/000382.html |
Well I'm not a fanatic about it. Honestly ASP.net and JSP offer much better solutions. This is just what I currently get paid to do.
|
|
|
Back to top
|
|
|
|
|
Occulis
RealPoor Jedi
Joined: 11 Oct 2002
Posts: 13293
Location: Moral Relativity Central
|
|
Posted: 04/17/06 - 11:45 Post subject:
|
|
|
| Xieroth wrote: | | Well I'm not a fanatic about it. Honestly ASP.net and JSP offer much better solutions. This is just what I currently get paid to do. |
I'd probably rather be paid to work in RoR than not paid to be slowly digested by plankton. This is a good trade off. You have won this round.
|
|
|
Back to top
|
|
|
|
|
Xieroth
RealPoor Sensei
Joined: 17 Oct 2002
Posts: 1902
|
|
Posted: 04/17/06 - 14:05 Post subject:
|
|
|
| Occulis wrote: | | Xieroth wrote: | | Well I'm not a fanatic about it. Honestly ASP.net and JSP offer much better solutions. This is just what I currently get paid to do. |
I'd probably rather be paid to work in RoR than not paid to be slowly digested by plankton. This is a good trade off. You have won this round. |
what if someone paid you to be slowly digested by plankton?
|
|
|
Back to top
|
|
|
|
|
|
|
