Secure Coding mailing list archives
Re: Hypothetical design question
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Thu, 29 Jan 2004 18:20:24 +0000
Michael S Hines wrote:

> A FreeBSD user was trying to execute the new macro virus circulating
> (MyDOOM) and couldn't seem to replicate the problem the Windows users
> were seeing. Another AlphaVMS user was having the same problem. Which
> is to say - it does seem to be an Operating System design flaw, to me -
> not necessarily a mail client issue.

I don't believe that those facts support your conclusion. All that they
prove is that the virus in question is Windows specific. Had the virus
contained a Linux executable and had Linux users run the attachment, then
I'd venture to bet that it would have run there just fine.

> Consider - why do we have a Java Sandbox, and allow other executable
> files to run 'in the wild' (without constraints for authorization or
> authentication)?

I agree that a sandbox model, like the one used by default for Java
applets, can be beneficial for running unknown code.

> Click and run is the mistake... I think. Why would a user be allowed to
> execute a program they wouldn't be allowed to install on their machine,
> otherwise (if proper controls are in place)? This is a flaw in the
> security mechanism of the OS.

I'm not a big fan of click and run either, but it's out there now and I
doubt that the end user population will voluntarily give that ability up.
That was one of my points in posing this hypothetical question.

I'm not so convinced that a reasonable solution couldn't be designed at
the app level, though. After all, the Java sandbox that you cite runs in
user space. I look at Wietse Venema's Postfix as a superb example of an
elegant design solution to a difficult set of problems (admittedly for an
MTA, not an MUA). His use of compartmentalization and separation of
privilege is ingenious, IMHO.

Cheers,

Ken van Wyk
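The message above argues that an app-level, user-space compartment for attachment handling is feasible, in the spirit of the Java sandbox and of Postfix's separation of privilege. The following is an added example written for this archive page, not code from the thread, from Postfix, or from any mail client. It assumes a hypothetical mail client whose trusted parent process keeps every privilege and hands the attachment bytes to a forked child that has been stripped of its environment, its inherited file descriptors, and (via rlimits) the ability to write a file or spawn a process; the child can only report back over a one-way pipe. The handler names `summarize` and `drop_payload`, the function `run_in_compartment`, and the sample attachment are all constructed for the example. Everything is unprivileged POSIX (Linux or macOS): no root, setuid, or chroot is needed.

```python
import json
import os
import resource
import select
import shutil
import signal
import tempfile

# Constructed sample attachment for this example; not a real mail message.
SAMPLE_ATTACHMENT = (b"From: alice@example.org\r\n"
                     b"Content-Type: text/plain\r\n"
                     b"\r\n"
                     b"hello, world\r\n")


def _read_all(fd):
    """Read from fd until EOF (the peer closing its end)."""
    chunks = []
    while True:
        chunk = os.read(fd, 65536)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)


def _confine(workdir):
    """Restrictions applied inside the child before any untrusted code runs."""
    os.chdir(workdir)                    # empty scratch directory, not $HOME
    os.environ.clear()                   # no PATH, HOME, DISPLAY, tokens, ...
    signal.signal(signal.SIGXFSZ, signal.SIG_IGN)  # oversize write -> EFBIG, not death
    for name, value in (("RLIMIT_FSIZE", 0),   # cannot write one byte to any file (root too)
                        ("RLIMIT_NPROC", 0),   # cannot fork/exec helpers (root bypasses this)
                        ("RLIMIT_CPU", 2),     # busy loop gets SIGXCPU after 2 CPU-seconds
                        ("RLIMIT_CORE", 0)):   # never dump the attachment to disk
        lim = getattr(resource, name, None)
        if lim is not None:
            resource.setrlimit(lim, (value, value))


def run_in_compartment(handler, attachment, timeout=5.0):
    """Run handler(bytes) -> JSON-able object in a confined child process.

    Returns {"ok": True, "value": ...} or {"ok": False, "errno": ..., "error": ...},
    plus "files_left": {name: size} for anything the handler left in its scratch dir.
    """
    to_child_r, to_child_w = os.pipe()       # attachment bytes go this way
    from_child_r, from_child_w = os.pipe()   # result comes back this way
    workdir = tempfile.mkdtemp(prefix="compartment-")
    pid = os.fork()
    if pid == 0:                             # ---- child: the untrusted side ----
        try:
            os.dup2(to_child_r, 0)
            os.dup2(from_child_w, 1)
            # Close every other inherited descriptor: mailbox, sockets, keyring, ...
            os.closerange(2, resource.getrlimit(resource.RLIMIT_NOFILE)[0])
            _confine(workdir)
            data = _read_all(0)
            try:
                result = {"ok": True, "value": handler(data)}
            except OSError as e:
                result = {"ok": False, "errno": e.errno, "error": str(e)}
            except Exception as e:           # reported to the parent, never raised into it
                result = {"ok": False, "errno": None, "error": repr(e)}
            with os.fdopen(1, "wb") as out:
                out.write(json.dumps(result).encode())
        finally:
            os._exit(0)
    # ---- parent: the trusted side (the MUA) ----
    os.close(to_child_r)
    os.close(from_child_w)
    with os.fdopen(to_child_w, "wb") as f:
        f.write(attachment)                  # the child gets a copy of the bytes, nothing else
    ready, _, _ = select.select([from_child_r], [], [], timeout)
    if not ready:
        os.kill(pid, signal.SIGKILL)         # wall-clock backstop; RLIMIT_CPU only covers busy loops
    raw = _read_all(from_child_r) if ready else b""
    os.close(from_child_r)
    os.waitpid(pid, 0)
    files_left = {n: os.path.getsize(os.path.join(workdir, n)) for n in os.listdir(workdir)}
    shutil.rmtree(workdir, ignore_errors=True)
    result = json.loads(raw) if raw else {"ok": False, "errno": None,
                                          "error": "compartment died without reporting"}
    result["files_left"] = files_left
    return result


def summarize(data):
    """Well-behaved handler: parse the header block, never touch the filesystem."""
    head, _, body = data.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n"):
        key, _, value = line.partition(b":")
        headers[key.strip().decode("ascii", "replace")] = value.strip().decode("ascii", "replace")
    return {"headers": headers, "body_bytes": len(body)}


def drop_payload(data):
    """'Click and run' behaviour: try to persist the attachment to disk as a worm would."""
    with open("dropped.exe", "wb", buffering=0) as f:
        f.write(data)                        # blocked by RLIMIT_FSIZE=0 -> OSError(EFBIG)
    return {"dropped": True}


if __name__ == "__main__":
    print(run_in_compartment(summarize, SAMPLE_ATTACHMENT))
    print(run_in_compartment(drop_payload, SAMPLE_ATTACHMENT))
```

Run as a script it prints a successful header summary for `summarize` and an `EFBIG` failure for `drop_payload`, with `dropped.exe` left behind as a zero-byte file. The design point is the one the message makes: the parent never gives the handler anything but a byte copy and a pipe, so a handler that "runs" the attachment cannot reach the mailbox, the user's files, or the environment. What this does not do is also worth noting: it confines neither network access nor memory, and the no-new-processes limit is an rlimit that root bypasses, so a production design adds a kernel-enforced policy (seccomp, pledge, or Capsicum) and, as Postfix does, runs the exposed stage as a separate small program under its own unprivileged uid.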
Current thread:
- Hypothetical design question Kenneth R. van Wyk (Jan 27)
- Re: Hypothetical design question Paco Hope (Jan 27)
- Re: Hypothetical design question Andreas Saurwein (Jan 28)
- RE: Hypothetical design question Dave Paris (Jan 28)
- RE: Hypothetical design question Andreas Saurwein (Jan 28)
- RE: Hypothetical design question Dave Paris (Jan 28)
- RE: Hypothetical design question Michael S Hines (Jan 28)
- Re: Hypothetical design question Kenneth R. van Wyk (Jan 29)
- Re: Hypothetical design question Andreas Saurwein (Jan 28)
- Re: Hypothetical design question Paco Hope (Jan 27)
- Re: Hypothetical design question Paco Hope (Jan 28)
- Re: Hypothetical design question Dave Aronson (Jan 28)
- Re: Hypothetical design question Andreas Saurwein (Jan 28)
- RE: Hypothetical design question Michael S Hines (Feb 02)
- Re: Hypothetical design question Louis Solomon [SteelBytes] (Feb 03)
- RE: Hypothetical design question Jason Wilcox (Feb 03)
- <Possible follow-ups>
- RE: Hypothetical design question Robert Shields (Jan 28)
- RE: Hypothetical design question Nick Lothian (Jan 28)