Linux provides a shortcut to other countries other than the United States. Mainly because the source code of the Linux operating system itself is public code, the operating system developer can freely modify the source code and newly compiled into binary machine code, that is, the user can make the source code of the system and network security according to their own needs. After research, modify it, easily have its own version of the operating system. In particular, in terms of network security, Linux's source code disclosure of firewall and other network security protocols enables merchants to better understand the weaknesses and vulnerabilities of operating system security, and strengthen consolidation through changes in source code. However, it is only the source code disclosure and cannot solve the problem of network insecurity. Since the compilation program GCC and Linux's kernel (Kernel) program that compiles the source code, there are many weaknesses, which causes the Linux system program that hides behind the firewall. The Linux system program is still extremely easy to attack the online hackers.
Firewall only provides the most basic network protection
The main purpose of the firewall is to block unnecessary ports and transfer the network communication data. But as long as there is an open port, the network invasion is inevitable. If the general unit network server port is usually 80 port, the main task of the web server is to send the web page to the user, therefore must be opened all day. The hacker can easily attack the server through the 80-port HTTP protocol through the HTTP protocol of the web page to attack the server. For example, the firewall is like a intensive barbed wire, although it can block the attack of the wolf tiopao, but the bee mosques can still pass through.
The inner vulnerability of GCC causing server to be attacked
Since the GCC comes from the era of the network, there is no preparation for many special circumstances derived from the network. GCC has many intrinsic weaknesses, including output command printf for lack of special state inspections and insufficient parameter value variable values. These two points will cause memory addresses to be easily broken. The Linux server compiled by GCC is naturally carrying the weaknesses of GCC. This situation is very similar to the hereditary genesis, as long as the procedures compiled into GCC have this hereditary weaknesses. The hacker passes through the HTTP protocol through the HTTP protocol to send a weird value or enter a large or ultra-small value for other memory parameter values. The server program will read the memory address in the memory. And content, hackers can be modified after obtaining the memory address to achieve various illegal purposes from the modified web content to the paralysis server.
GCC is the main compiler of Linux, UNIX and BSD system source code
Most of the friends who have repaired computer programming courses have used GCC. GCC is a large program for binary code compilation of C / C languages and some other languages. The UNIX family has three independent members, which are BSD and Linux of UNETACEMS (AT & T) Unix, Berkley University (UC Berkley). GCC is currently the main compilation tool for UNIX family operating system. The current server compiled by GCC is not counting on GCC, which means that hackers can invade the group of objects.
Causes to rule
GCC's vulnerability can make up for protective modifications to source code. If all user input parameters in the source code of the network server are detected, the entered input values are not passed. But this way will increase the number of source code and complexity, and it is difficult to maintain when it is expensive. It is a better way to improve the improvement of the GCC compiler program. For the Units with Linux, you can easily increase the security level to a new level with a new version of the new version of the new version of GCC. There are currently many organizations and individuals in the world being committed to research and development of GCC improvement. US Immunix (Translation: Immunization Unix) is the first high-tech company in the world to commercialize GCC improvement. The company's GCC improvement procedure belongs to the scope of the GPL protocol, that is, the source code itself to modify the compiler GCC is also open.
Network security prospects are not optimistic
Although several major vulnerabilities can be filled by replenishment of GCC, because the GCC program is very large, there may be potential vulnerabilities or a lot. As the saying goes: "Tao high one foot, the magic is a high feet", and the world's hackers are working on the various potential vulnerabilities of GCC and Linux and Microsoft operating system kernels. The current situation of network security is "easy attack difficulties." ", Hackers can quickly launch large-scale attacks after discovering new vulnerabilities, and the discovery and subsequent compensation measures for vulnerabilities are relatively slow. The author believes that the development of my country's independent operating system and the source code is an inspiring thing, but the learning and understanding of the source code compiler is equally important.
