Dailydave mailing list archives

Re: So, the security industry has given up on the principles of least privilege and separation?


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sat, 14 Feb 2009 21:04:28 +0100

> That made me snort into my breakfast cereals, I can tell you.  Has the
> entire security industry abandoned all hope of using the principle of least
> privilege and limited user accounts, or just him?

Secunia is talking about reality, not hopes and dreams. In reality,
the industry came up with three specific options:

1) "Limited" user accounts - which do not really add appreciable
value in this context: "hey, so, your bank account is owned and mail
stolen, and your user account backdoored, but at least you *maybe* do
not have to scrape the entire box (no promises!)".

2) Sandboxed / ACLed processes - which is slightly better, but still
pretty sucky when dealing with complex, monolithic software: "yo dude,
so we restricted your mail client only to do the things it is supposed
to do, that is, reading and writing local files, communicating with
the network and changing network settings, and of course sending your
passwords and reading back your mail; you happy now?".

3) Invisible unicorns - that is, proposals to rework all software to
compartmentalize privileges, then ensure robust cross-component
control flow supervision and policing. Yeah, great, but also extremely
unlikely to be feasible in most contexts, unless you also find out a
method to convince software vendors to follow your vision and foot the
bill for significant overhead.

So I'm not sure what makes Secunia's statement outrageous, or what
specific, feasible hopes we decided to give up on.

/mz
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave