httpd-users mailing list archives

From Chad Leigh -- Shire.Net LLC <c...@shire.net>
Subject Re: [users@httpd] Favorite Linux Distribution
Date Wed, 09 Feb 2005 17:37:57 GMT

On Feb 9, 2005, at 10:22 AM, Ivan Barrera A. wrote:

>>> The GUI is another userland program.  It is no different than apache
>>> in that regard.
>> Not true. GUIs have to have special access to the video hardware on
>> the vast majority of operating systems (including UNIX), either
>> because they can't run at all any other way or because performance is
>> so poor without such access that they cannot be practically used.
>> This direct access is a security breach on most modern operating
>> systems and has a destabilizing influence on the OS.
>
> Just take a look with ps.
> X runs setuid root, because it needs direct hw access.

It is not required of a GUI, just maybe desirable for performance 
reasons.  setuid root is no proof of direct HW access.  The kernel can 
expose a frame buffer or simple video API to userland programs.  For 
performance reasons we tend to have privileged video HW drivers, but it 
is not inherent in a GUI.

>
> These days, a little memory, or CPU, is not a problem, true. But there 
> are some security breaches in having a GUI (X in this case).

For example, what?  (Assuming a properly configured X installation).

> If you need graphical output, you can have another workstation with X, 
> and export your display. It's easier, and prettier.
>

In order to do so, you have to install X on the server, whether you run 
it or not.  That was being condemned, which is BS.

I don't run a GUI on my server, but a blanket condemnation of it as 
unsafe or unreliable is BS.  I do have X installed on my servers so 
that I can do the occasional remote displays of things.  Or run certain 
installers. I had some ecommerce software I was installing.  It had a 
Java-based installer that required X display capabilities on the first 
install (followup installs or upgrades could be done CLI only using an 
XML config file that was written out on the first install).  I set the 
display to my OS X workstation and was able to do it.  I couldn't have 
done it if I did not have X installed.

Now, I will grant that running X as a workstation, i.e., all the cruft 
running on the server that you would have on the workstation, could be 
a problem, both for performance and for security.  But it is not the 
GUI that caused it, rather the misuse.  The same can be said of server 
daemons.  Install them wrong or set them up wrong and you have 
performance or security problems.

And the assertion, which was made in this thread a few posts back, that 
Unix was designed as a server OS is also BS.  I think people need to 
review their Unix history.  Unix goes back as a WORKSTATION OS more 
than anything (look at old Sun, Apollo, DEC, IBM, etc. Unix efforts).

Chad


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

