Security of Linux on PPC vs i386

Eric · External Since: Apr 25, 2007 Posts: 26

All else being equal, does Linux on a PPC tend to be more secure than on
an i386?

It seems that many of the Linux exploits seem to arise from things like
buffer overflows that insert machine-language code into predictable places
in the memory map, then the cracker is able to execute that machine
language code as a privileged user to create a back door.

It would seem that on average this would be less prevalent on PPC than on
i386 if for no better reason than there are probably many more crackers
out there that know i386 machine code than PPC machine code.

Is that a reasonable assumption or am I dreaming?

Jerry Heyman · External Since: Jun 26, 2006 Posts: 15

on Sunday 29 April 2007 01:52 pm, reply.in.group.DeleteThis@nospam.no (Eric) wrote:

>
> All else being equal, does Linux on a PPC tend to be more secure than on
> an i386?

Define secure.

> It seems that many of the Linux exploits seem to arise from things like
> buffer overflows that insert machine-language code into predictable places
> in the memory map, then the cracker is able to execute that machine
> language code as a privileged user to create a back door.
>
> It would seem that on average this would be less prevalent on PPC than on
> i386 if for no better reason than there are probably many more crackers
> out there that know i386 machine code than PPC machine code.
>
> Is that a reasonable assumption or am I dreaming?

As with Windows being the predominate x86 OS - hence the biggest target,
linux on x86 is the largest installed base. It would then point to the
x86 being the one that people would most likely attempt to exploit. The
addition of 'root' for admin, as opposed to the first configured user (a
la Windows) protects Linux from some easy exploits.

As for PPC being more secure than x86 - only because it has a much more
limited user base. Remember, Linux distros (regardless of CPU) use the
same source - if the exploit exists on x86, then the exploit exists on
PPC, Alpha, m68k, hppa, 390, ... People just don't use them as much, so
they're not the initial target - but they will still have the same
fundamental flaw.

jerry
--
// Jerry Heyman | "Software is the difference between
// Amiga Forever Smile

| hardware and reality"
\\ // heymanj.DeleteThis@acm.org |
\X/ http://bellsouthpwp.net/h/e/heymanj/

Anton Ertl · External Since: May 21, 2006 Posts: 179

Eric <reply.in.group.RemoveThis@nospam.no> writes:
>
>All else being equal, does Linux on a PPC tend to be more secure than on
>an i386?
>
>It seems that many of the Linux exploits seem to arise from things like
>buffer overflows that insert machine-language code into predictable places
>in the memory map, then the cracker is able to execute that machine
>language code as a privileged user to create a back door.
>
>It would seem that on average this would be less prevalent on PPC than on
>i386 if for no better reason than there are probably many more crackers
>out there that know i386 machine code than PPC machine code.
>
>Is that a reasonable assumption or am I dreaming?

Yes, you would be more secure against attackers aiming to crack just
some machines.

You would not be more secure against a determined attacker who is
specifically after your machine. Well, maybe a little: it might be a
little more costly and take a little more time to work out the attack,
because there are few other attackers working on it.

Note that there are also architecture-independent attacks (often with
data interpreted as scripting-language programs), and you won't be
more secure against those.

- anton
--
M. Anton Ertl Some things have to be seen to be believed
anton.RemoveThis@mips.complang.tuwien.ac.at Most things have to be believed to be seen
http://www.complang.tuwien.ac.at/anton/home.html