Secure Coding mailing list archives
Re: DJB's students release 44 poorly-worded, overblown advisories
From: ljknews <ljknews () mac com>
Date: Mon, 20 Dec 2004 21:19:31 +0000
At 11:09 AM -0500 12/20/04, Paco Hope wrote:
> I mean, if these things are "remote exploits," I could say "The entire OpenBSD operating system is remotely exploitable: if I email you an OpenBSD binary and you execute it, I 0wn you." Well, duh.

That risk is mitigated when an operating system has mandatory access controls (MAC) arranged so that users are not permitted to execute programs which they create or import. That capability is not quite within the Biba Integrity Extensions to the Bell-LaPadula model, but it is close. On most important systems there is no need for the users to be able to provide executables which they then run. Executables are provided by the system manager.

-- Larry Kilgallen