Dailydave mailing list archives
We have met the enemy, and the enemy is ... you.
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 10 Apr 2006 12:44:50 -0400
I don't know who "you" is exactly, but it's whoever is trying to replicate the failures of Argus Pitbull on the rest of us. Argus Pitbull, for those of you who only remember it because LSD-PL owned it a while back during a contest and never got paid, was a version of Solaris and Linux that added different "roles" to the users and claimed that "Even with root, you still can't get anywhere on our boxes." And this was basically true. In protecting themselves from hackers, the Argus Pitbull kernels also protected themselves from being managed or used. Now Linux, and potentially Windows, are making these same mistakes.

I will say, to clear things up, that one thing I have very little faith in is whitelists. I know it's possible that you have a great whitelist on your IE or Firefox or whatever, but I seriously doubt our bookkeeper is going to be able to handle the additional frustration of having things randomly fail that she's trying to do. On the other hand, I don't want her getting owned by some hacker with a Firefox bug. So we'll let her get annoyed every so often. She already hates everything but Apple computers anyways.

Myself, on the other hand, can deal with all sorts of random failures, theoretically. And this brings me to the subject of today's annoyance: Fedora Core 5. I dunno who rushed this thing out the door, but it's clearly not ready for human consumption. SELinux comes turned on - and it's a huge mistake. I don't think anyone is smart enough to configure Apache with SELinux. I've installed Apache maybe 20 times in my life, which is plenty, and I eventually realized it was SELinux and just turned the damn thing off after an hour of trying to fix it. And SELinux breaks WingIDE by default too unless you have some random option turned on in the inane configuration menu.

Here's a hint to people developing whitelist-based HIDS. Don't. And if you do, please provide some sort of user interface beyond typing "dmesg" and trying to read this and figure out what's broken:

audit(114460616:332:10): avc: granted { execmem } for pid 2221 comm="nautilus" scontext=root:system_r:unconfined_t:s0-s0:c0.c255 tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=process

That's almost as bad as Vista's "Do you really want to run the program LRZQQQQ111100000" dialog box that pops up constantly for no good reason now.

Another thing Vista and Fedora Core 5 share is that they both squeezed down the buttons for closing, maximizing, and minimizing windows. I dunno why they want them as rectangles, but I guess some human interface group suggested it. Looks weird - but at least it's a NEW mistake, and not one Argus did a bunch of years back.

-dave
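Added example, not part of the original message: a small parser that turns an AVC record like the one quoted above into a one-line summary an administrator can read. The names parse_avc and describe are hypothetical, and the second sample record (the httpd denial) is constructed for illustration.

```python
import re

# Constructed sample: the record quoted in the post, plus a made-up denial
# in the same layout (the httpd line is not from the original message).
SAMPLE = [
    'audit(114460616:332:10): avc: granted { execmem } for pid 2221 '
    'comm="nautilus" scontext=root:system_r:unconfined_t:s0-s0:c0.c255 '
    'tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=process',
    'audit(0000000000.000:11): avc: denied { read write } for pid 3000 '
    'comm="httpd" name="index.html" '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=user_u:object_r:user_home_t:s0 tclass=file',
]

AVC_RE = re.compile(
    r'audit\((?P<stamp>[^)]*)\):\s+avc:\s+(?P<result>granted|denied)\s+'
    r'\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the record's fields, or None if it is not an AVC line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {'stamp': m.group('stamp'), 'result': m.group('result'),
           'perms': m.group('perms').split()}
    for key, value in KV_RE.findall(m.group('rest')):
        rec[key] = value.strip('"')
    # "pid 2221" is space-separated in this layout, unlike the other fields.
    pid = re.search(r'\bpid[ =](\d+)', m.group('rest'))
    rec['pid'] = int(pid.group(1)) if pid else None
    # A context is user:role:type[:mls range]; policy rules key on the type.
    for side in ('scontext', 'tcontext'):
        parts = rec.get(side, '').split(':', 3)
        rec[side + '_type'] = parts[2] if len(parts) >= 3 else None
    return rec


def describe(rec):
    """Render one parsed record as a single readable sentence."""
    return '{} {}: {} (pid {}, domain {}) on {} labeled {}'.format(
        rec['result'].upper(), ','.join(rec['perms']), rec.get('comm', '?'),
        rec['pid'], rec['scontext_type'], rec.get('tclass', '?'),
        rec['tcontext_type'])


if __name__ == '__main__':
    for line in SAMPLE:
        print(describe(parse_avc(line)))
```

Note that the record quoted in the message is a "granted" entry, not a denial, which the summary makes visible at a glance.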