Secure Coding mailing list archives

RE: Opinion re an interesting article on Linux security in Linux Journal


From: "Michael S Hines" <mshines () purdue edu>
Date: Tue, 09 Mar 2004 19:44:07 +0000

You might want to take a look at Eric Raymond's writings on such things.  He
maintains it's a feature based issue - across platforms - which makes sense
to me.

See for example - http://www.catb.org/~esr/writings/taoup/html/ch07s03.html
and especially the section on remote procedure calls (which can occur within
the same server or across servers - especially message passing operating
systems such as MS Windows, IBM MQSeries, etc) in Eric's book on "The Art of
UNIX Programming".

Which says in part...
"With classical RPC, it's too easy to do things in a complicated and obscure
way instead of keeping them simple. RPC seems to encourage the production of
large, baroque, over-engineered systems with obfuscated interfaces, high
global complexity, and serious version-skew and reliability problems - a
perfect example of thick glue layers run amok.

Windows COM and DCOM are perhaps the archetypal examples of how bad this can
get, but there are plenty of others. Apple abandoned OpenDoc, and both CORBA
and the once wildly hyped Java RMI have receded from view in the Unix world
as people have gained field experience with them. This may well be because
these methods don't actually solve more problems than they cause.

Andrew S. Tanenbaum and Robbert van Renesse have given us a detailed
analysis of the general problem in A Critique of the Remote Procedure Call
Paradigm [Tanenbaum-VanRenesse], a paper which should serve as a strong
cautionary note to anyone considering an architecture based on RPC.

All these problems may predict long-term difficulties for the relatively few
Unix projects that use RPC. Of these projects, perhaps the best known is the
GNOME desktop effort.[77] These problems also contribute to the notorious
security vulnerabilities of exposing NFS servers."

Mike Hines
-----------------------------------
Michael S Hines
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kenneth R. van Wyk
Sent: Tuesday, March 09, 2004 10:10 AM
To: [EMAIL PROTECTED]
Subject: [SC-L] Opinion re an interesting article on Linux security in Linux Journal


I saw an interesting (at least to me) article in Linux Journal recently (see
http://www.linuxjournal.com/article.php?sid=7366&mode=thread&order=0 for the
full text).  The author, Don Marti (editor-in-chief, Linux Journal) says a
couple of things that the Linux software development community would be well
advised to listen closely to, IMHO.

In particular, he says, "All that's keeping us safe is that most programs for
Linux don't make it easy to run attachments from incoming mail. But combine
the right vulnerability in a common desktop app with a little social
engineering, and you've got a Linux worm."  Additionally, "With today's
larger Linux user base and more desktop standardization, the next
vulnerability will be a bigger risk."

I think that we're seeing several of the features that have plagued the
security of desktop Windows systems being increasingly incorporated into the
desktops of Linux systems.  Further, the Linux desktop is truly maturing and,
along with that, we're getting closer and closer to a critical mass of users.

So why do I feel that this is a Secure Coding issue and not (just) an OS
security issue for Full-Disclosure and similar groups to discuss?  IMHO, the
issues that we're dealing with get straight to the heart of the design of the
desktop environments that are being deployed.  Sure, Linux has grown up with
an arguably better separation of administrative and desktop users from day
one, but even just a user-level email worm can be pretty frustrating (in case
you haven't noticed from the size of your inbox in the last month or so).

Case in point, I just got KDE 3.2 on my PC over the weekend (thanks to the
Debian-Sid distribution), and I'm seeing the email/PIM environment appearing
more and more like Outlook.  I can open an email attachment straight into its
respective app with just 2 clicks of the mouse (although that's actually been
possible for some time).  That's not to say that doing so is a good idea, but
give the common desktop user the _opportunity_ and...

I, for one, sure hope that the Linux world doesn't feel the need to learn the
hard way.

Cheers,

Ken
--
KRvW Associates, LLC
http://www.KRvW.com







