Dailydave mailing list archives
Re: Default Deny on Executables
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 14 Sep 2005 08:35:04 -0400
That URL would be: http://www.microsoft.com/windowsvista/default.mspxBecause last I checked making each binary signed is what Palladium does. You can do things like say "Only GPG and DLL's signed by GPG.com can access my sealed GPG key."
By default your box can come from Dell only running EXE's that are signed by vendors you trust. This wouldn't be a bad idea for a GRSec'd distribution either, imo. If you assume that you can trust the kernel (which is a pretty big assumption, but not everyone is Paul Starzetz) you can do similar stuff without special hardware, I think. :>
-dave pageexec () freemail hu wrote:
On 14 Sep 2005 at 12:20, Nick Drage wrote:On Sat, Sep 10, 2005 at 08:30:32PM +0100, pageexec () freemail hu wrote:you didn't pay attention, did you ;-). i said 'executable FILES', not merely 'executables' for a reason. when you run firefox, you not only get one 'executable' mapped into memory but 50 other libraries as well (give or take a few, you get the idea). in the 'default deny' world that means that you would have to explicitly exclude everything else 'executable' present in the system from being able to load into firefox (in addition to all the 'executables' that the given user is not supposed to run at all). ditto for all the other 'executables' of course (including interpreters and the scripts that can be fed into them). now, on my little development system at last count i had something like 3000 'executables files', presumably all of which i needed at one point in time (i.e., it's not just some default install of some distro). if you look at what a corporation of said magnitude (and that's not a big company as i said) installs for different users, you will easily get the 1000 'executables files', all of which must be dealt with in the access control matrix, should you want the 'default deny', that is.As for those 1000 users, there will be entire swathes of them that have the same requirements because they essentially carry out the same task or do the same job, so they are effectively just the one users... suddenly that million element control matrix looks a lot, lot simpler.well then, i'm waiting for the URL where i can buy the product that does the work, everything else is empty speculation or wishful thinking, which was kinda the point i was making. in security many people had ideas that would give us so nice security if we could just overcome this or that little detail, 'default deny' is no exemption to that.
Current thread:
- Re: Re: Hacking's American as Apple Cider, (continued)
- Re: Re: Hacking's American as Apple Cider Dave Aitel (Sep 10)
- Re: Re: Hacking's American as Apple Cider Drsolly (Sep 10)
- Re: Re: Hacking's American as Apple Cider Marcus J. Ranum (Sep 10)
- Re: Re: Hacking's American as Apple Cider Nigel Houghton (Sep 10)
- Re: Re: Hacking's American as Apple Cider halvar (Sep 11)
- Re: Re: Hacking's American as Apple Cider ol (Sep 11)
- Re: Re: Hacking's American as Apple Cider Nate McFeters (Sep 11)
- Re: Re: Hacking's American as Apple Cider Drsolly (Sep 10)
- Re: Re: Hacking's American as Apple Cider Dave Aitel (Sep 10)
- Re: Re: Hacking's American as Apple Cider Nick Drage (Sep 14)
- Re: Re: Hacking's American as Apple Cider pageexec (Sep 14)
- Re: Default Deny on Executables Dave Aitel (Sep 14)
- Re: Default Deny on Executables miah (Sep 14)
- Re: Default Deny on Executables Simon B (Sep 14)
- Re: Default Deny on Executables Kurt Seifried (Sep 14)
- RE: Default Deny on Executables Sash (Sep 14)
- Re: Default Deny on Executables Eduardo Tongson (Sep 14)