Secure Coding mailing list archives
RE: Opinion re an interesting article on Linux security in Linux Journal
From: "Michael S Hines" <mshines () purdue edu>
Date: Tue, 09 Mar 2004 19:44:07 +0000
You might want to take a look at Eric Raymond's writings on such things. He maintains it's a feature based issue - across platforms - which makes sense to me. See for example - http://www.catb.org/~esr/writings/taoup/html/ch07s03.html and especially the section on remote procedure calls (which can occur within the same server or across servers - especially message passing operating systems such as MS Windows, IBM MQSeries, etc) in Eric's book on "The Art of UNIX Programming". Which says in part... "With classical RPC, it's too easy to do things in a complicated and obscure way instead of keeping them simple. RPC seems to encourage the production of large, baroque, over-engineered systems with obfuscated interfaces, high global complexity, and serious version-skew and reliability problems - a perfect example of thick glue layers run amok. Windows COM and DCOM are perhaps the archetypal examples of how bad this can get, but there are plenty of others. Apple abandoned OpenDoc, and both CORBA and the once wildly hyped Java RMI have receded from view in the Unix world as people have gained field experience with them. This may well be because these methods don't actually solve more problems than they cause. Andrew S. Tanenbaum and Robbert van Renesse have given us a detailed analysis of the general problem in A Critique of the Remote Procedure Call Paradigm [Tanenbaum-VanRenesse], a paper which should serve as a strong cautionary note to anyone considering an architecture based on RPC. All these problems may predict long-term difficulties for the relatively few Unix projects that use RPC. Of these projects, perhaps the best known is the GNOME desktop effort.[77] These problems also contribute to the notorious security vulnerabilities of exposing NFS servers. " Mike Hines ----------------------------------- Michael S Hines [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kenneth R. van Wyk Sent: Tuesday, March 09, 2004 10:10 AM To: [EMAIL PROTECTED] Subject: [SC-L] Opinion re an interesting article on Linux security in Linux Journal I saw an interesting (at least to me) article in Linux Journal recently (see http://www.linuxjournal.com/article.php?sid=7366&mode=thread&order=0 for the full text). The author, Don Marti (editor-in-chief, Linux Journal) says a couple of things that the Linux software development community would be well advised to listen closely to, IMHO. In particular, he says, "All that's keeping us safe is that most programs for Linux don't make it easy to run attachments from incoming mail. But combine the right vulnerability in a common desktop app with a little social engineering, and you've got a Linux worm." Additionally, "With today's larger Linux user base and more desktop standardization, the next vulnerability will be a bigger risk." I think that we're seeing several of the features that have plagued the security of desktop Windows systems being increasingly incorporated into the desktops of Linux systems. Further, the Linux desktop is truly maturing and, along with that, we're getting closer and closer to a critical mass of users. So why do I feel that this is a Secure Coding issue and not (just) an OS security issue for Full-Disclosure and similar groups to discuss? IMHO, the issues that we're dealing with get straight to the heart of the design of the desktop environments that are being deployed. Sure, Linux has grown up with an arguably better separation of administrative and desktop users from day one, but even just a user-level email worm can be pretty frustrating (in case you haven't noticed from the size of your inbox in the last month or so). Case in point, I just got KDE 3.2 on my PC over the weekend (thanks to the Debian-Sid distribution), and I'm seeing the email/PIM environment appearing more and more like Outlook. I can open an email attachment straight into its respective app with just 2 clicks of the mouse (although that's actually been possible for some time). That's not to say that doing so is a good idea, but give the common desktop user the _opportunity_ and... I, for one, sure hope that the Linux world doesn't feel the need to learn the hard way. Cheers, Ken -- KRvW Associates, LLC http://www.KRvW.com
Current thread:
- Opinion re an interesting article on Linux security in Linux Journal Kenneth R. van Wyk (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
- RE: Opinion re an interesting article on Linux security in Linux Journal Alun Jones (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
- RE: Opinion re an interesting article on Linux security in Linux Journal Michael S Hines (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Ryan Russell (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal ljknews (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal der Mouse (Mar 10)
- <Possible follow-ups>
- Re: Opinion re an interesting article on Linux security in Linux Journal Bill Cheswick (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. ljknews (Mar 10)
- Re: Re: Application Sandboxing, communication limiting, etc. Jose Nazario (Mar 10)
- Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 13)
- Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
- Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 14)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 09)