Secure Coding mailing list archives
RE: Hypothetical design question
From: ljknews <ljknews () mac com>
Date: Wed, 28 Jan 2004 16:45:48 +0000
At 1:11 PM +1030 1/28/04, Nick Lothian wrote:
In other words, could an email client be designed and implemented that would satisfy both the users and the security requirements? Or, is the problem too difficult without sacrificing some functionality?I think the problem is too difficult. Given the email infrastructure we have at the moment, I think the only way to make a secure email client it to make one that only renders plain text, and strips all attachments.
That describes my normal email client (but not the one I use for mailing lists).
In dream mode, though: One hypothetical idea is to have some kind of persistent codebase on all attachments received. The operating system would then need to enforce permission checks based on this codebase (that could get pretty tricky - what happens when an attached word document is opened - How does the OS decide what calls are being done by the program, and what is being done by the document?).
In general (not email) security discussions, a strong solution is to use operating system Mandatory Access Control to prevent users from executing any software not provided by the system manager. That may be too restrictive for those who read this list, but it would be just fine for a great many "computer users".
Current thread:
- Re: Hypothetical design question, (continued)
- Re: Hypothetical design question Paco Hope (Jan 28)
- Re: Hypothetical design question Dave Aronson (Jan 28)
- Re: Hypothetical design question Andreas Saurwein (Jan 28)
- RE: Hypothetical design question Alun Jones (Jan 28)
- Re: Hypothetical design question Louis Solomon [SteelBytes] (Feb 02)
- RE: Hypothetical design question Michael S Hines (Feb 02)
- Re: Hypothetical design question Louis Solomon [SteelBytes] (Feb 03)
- RE: Hypothetical design question Jason Wilcox (Feb 03)
- RE: Hypothetical design question Michael S Hines (Feb 02)
- RE: Hypothetical design question ljknews (Jan 28)
- RE: Hypothetical design question Dave Paris (Jan 29)
- RE: Hypothetical design question ljknews (Jan 29)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Hypothetical design question David Harmon (Jan 30)
- RE: Hypothetical design question David Crocker (Jan 30)
- RE: Hypothetical design question Alun Jones (Feb 01)
- Re: Re: Hypothetical design question Kenneth R. van Wyk (Jan 29)