Secure Coding mailing list archives
RE: Hypothetical design question
From: Nick Lothian <nl () essential com au>
Date: Fri, 30 Jan 2004 02:29:26 +0000
The problem with "restricting malicious things" is that the same action can be viewed as desirable or malicious, depending on intent. Intent is an intangible. Computing systems tend to deal poorly with intangibles. If I type 'rm -fr /', my intention is to prepare a machine for a new OS load, prior to a reformat. If an intruder types 'rm -fr /', his intentions are *likely* (can't say for sure without directly asking the intruder!) to be somewhat more malicious. The OS has no way of determining who the "real" user is and which intention is desirable and which isn't. If you try to enumerate a list of "potentially malicious code" that shouldn't be run from Application X you'll be at it for the rest of your life; a never-ending, never-winning battle. :-(
Exactly. That is why I dreamed up the persistent codebase thing. Nothing received from email should ever be able to execute rm -rf, nor should it ever be able to send email itself, nor open sockets, etc - even if it has been saved to disk and is being executed later.