Dailydave mailing list archives

We have met the enemy, and the enemy is ... you.


From: Dave Aitel <dave () immunityinc com>
Date: Mon, 10 Apr 2006 12:44:50 -0400


I don't know who "you" is exactly, but it's whoever is trying to
replicate the failures of Argus Pitbull on the rest of us. Argus
Pitbull, for those of you who only remember it because LSD-PL owned it
a while back during a contest and never got paid, was a version of
Solaris and Linux that added different "roles" to the users and
claimed that "Even with root, you still can't get anywhere on our
boxes." And this was basically true. In protecting themselves from
hackers, the Argus Pitbull kernels also protected themselves from
being managed or used.

Now Linux, and potentially Windows, are making these same mistakes. I
will say, to clear things up, that one thing I have very little faith
in, is whitelists. I know it's possible that you have a great
whitelist on your IE or Firefox or whatever, but I seriously doubt our
bookkeeper is going to be able to handle the additional frustration of
having things randomly fail that she's trying to do.

On the other hand, I don't want her getting owned by some hacker with
a Firefox bug. So we'll let her get annoyed every so often. She
already hates everything but Apple computers anyways.

Myself, on the other hand, can deal with all sorts of random failures,
theoretically. And this brings me to the subject of today's annoyance:
Fedora Core 5. I dunno who rushed this thing out the door, but it's
clearly not ready for human consumption. SELinux comes turned on - and
it's a huge mistake. I don't think anyone is smart enough to configure
Apache with SELinux. I've installed Apache maybe 20 times in my life,
which is plenty, and I eventually realized it was SELinux and just
turned the damn thing off after an hour of trying to fix it. And
SELinux breaks WingIDE by default too unless you have some random
option turned on in the inane configuration menu.

Here's a hint to people developing whitelist-based HIDS. Don't. And if
you do, please provide some sort of user interface beyond typing
"dmesg" and trying to read this and figure out what's broken:

audit(114460616:332:10): avc: granted { execmem } for pid 2221
comm="nautilus" scontext=root:system_r:unconfined_t:s0-s0:c0.c255
tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=process

That's almost as bad as Vista's "Do you really want to run the program
LRZQQQQ111100000" dialog box that pops up constantly for no good
reason now.

Another thing Vista and Fedora Core 5 share is that they both squeezed
down the buttons for closing, maximizing, and minimizing windows. I
dunno why they want them as rectangles, but I guess some human
interface group suggested it. Looks weird - but at least it's a NEW
mistake, and not one Argus did a bunch of years back.

-dave


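As an added illustration (not from the post or the Dailydave archive), here is a small Python parser for AVC records of the form quoted above, turning the raw dmesg line into a one-line statement of which domain did what to which labelled object. The first sample is the line from the post; the second, a denied httpd access, is constructed for the example.

```python
import re

# First line: the AVC record quoted in the post. Second line: a constructed
# "denied" record in the same format (not from the post), so the parser also
# covers the outcome an administrator actually has to act on.
SAMPLE_LINES = [
    'audit(114460616:332:10): avc: granted { execmem } for pid 2221 '
    'comm="nautilus" scontext=root:system_r:unconfined_t:s0-s0:c0.c255 '
    'tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=process',
    'audit(1144606200:340:12): avc: denied { read } for pid 2300 '
    'comm="httpd" name="index.html" dev=sda1 ino=12345 '
    'scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file',
]

AVC_RE = re.compile(r"avc:\s+(?P<outcome>granted|denied)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value pairs; values may be quoted

def context_type(ctx):
    """A context is user:role:type[:level]; the type is what policy rules are keyed on."""
    parts = ctx.split(":")
    return parts[2] if len(parts) > 2 else ctx

def parse_avc(line):
    """Parse one AVC line from dmesg/audit output into a dict; None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    ev = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    pid = re.search(r"\bpid\s+(\d+)", m.group("rest"))  # written "pid 2221", no '='
    if pid:
        ev["pid"] = pid.group(1)
    ev["outcome"] = m.group("outcome")
    ev["perms"] = m.group("perms").split()            # e.g. ["execmem"]
    ev["source_type"] = context_type(ev.get("scontext", ""))
    ev["target_type"] = context_type(ev.get("tcontext", ""))
    return ev

def summary(ev):
    """One readable line: who (domain) did what to which labelled object, and the outcome."""
    obj = f"{ev.get('tclass', '?')} {ev.get('name') or ev.get('path') or ''}".strip()
    return (f"{ev['outcome'].upper()}: {ev.get('comm', '?')} (pid {ev.get('pid', '?')}, "
            f"domain {ev['source_type']}) {'/'.join(ev['perms'])} on {obj} "
            f"labelled {ev['target_type']}")

def denials(lines):
    """Summaries of only the denied events, the ones worth investigating."""
    return [summary(ev) for ev in map(parse_avc, lines) if ev and ev["outcome"] == "denied"]
```

Feed it the output of `dmesg` line by line; the granted record from the post is noise, and only the denied line would surface as something to look into.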

