Dailydave mailing list archives
Re: Re: Hacking's American as Apple Cider
From: pageexec () freemail hu
Date: Wed, 14 Sep 2005 13:22:18 +0100
On 14 Sep 2005 at 12:20, Nick Drage wrote:

On Sat, Sep 10, 2005 at 08:30:32PM +0100, pageexec () freemail hu wrote:

on the 'default permit' issue: it is not the dumbest idea, it is the only way that can scale in systems. take a (not exactly big by any measure) company with 1000 users and 1000 executable files that these users need. that's an access control matrix with a million elements. you tell me how you fill it in and maintain it in a way that is feasible and cost effective in the long term.

When are users going to need *1000* executables? In a "standard" corporation / SME / whatever I would expect most people to only need up to 20 to do their day to day work.
you didn't pay attention, did you ;-). i said 'executable FILES', not merely 'executables' for a reason. when you run firefox, you not only get one 'executable' mapped into memory but 50 other libraries as well (give or take a few, you get the idea). in the 'default deny' world that means that you would have to explicitly exclude everything else 'executable' present in the system from being able to load into firefox (in addition to all the 'executables' that the given user is not supposed to run at all). ditto for all the other 'executables' of course (including interpreters and the scripts that can be fed into them). now, on my little development system at last count i had something like 3000 'executable files', presumably all of which i needed at one point in time (i.e., it's not just some default install of some distro). if you look at what a corporation of said magnitude (and that's not a big company as i said) installs for different users, you will easily get the 1000 'executable files', all of which must be dealt with in the access control matrix, should you want the 'default deny', that is.
As for those 1000 users, there will be entire swathes of them that have the same requirements because they essentially carry out the same task or do the same job, so they are effectively just the one user... suddenly that million element control matrix looks a lot, lot simpler.
well then, i'm waiting for the URL where i can buy the product that does the work, everything else is empty speculation or wishful thinking, which was kinda the point i was making. in security many people had ideas that would give us such nice security if we could just overcome this or that little detail, 'default deny' is no exception to that.
I mean whitelisting this isn't trivial, especially for hosts,
does the access control matrix look 'a lot, lot simpler' or is this not trivial suddenly? somehow you can't have it both ways, i think ;-).
if it was we'd all be using SELinux by now,
now you know the reason for that (SELinux not being any particular example, other access control systems all run into the complexity and scalability problem eventually).
but at the moment Marcus looks like the special guest at a scarecrow convention, what with all the straw men being thrown his way...
what's the straw man here? you either apply 'default deny' consistently (and end up in obviously silly situations, i.e., you just prove that 'default deny' is not 'better' than 'default permit' in all cases) or you don't (then what's the 'default' in there?). also, now that you responded to this part of my mail, what's with a+x? do you agree that it's 'default permit' and hence insecure according to the 'default deny' paradigm? if so, why are you using it yourself? maybe because that's about the only sane and usable way of doing it? ;-)
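To make the arithmetic both posters are arguing about concrete, here is an added example (not from the list or from either poster) that models a default-deny execution whitelist: users collapse into roles, as Nick suggests, but each permitted program drags its whole dependency closure into the permit set, as pageexec points out. The dependency graph, roles and users are constructed sample data.

```python
from collections import deque

# Constructed sample data, not taken from the thread: direct dependencies of
# each executable file, as the dynamic loader would resolve them.
DEPS = {
    "firefox": ["libgtk", "libxul", "libc", "libpthread"],
    "libxul": ["libnspr", "libc", "libstdc++"],
    "libgtk": ["libglib", "libc"],
    "libstdc++": ["libc"], "libnspr": ["libpthread", "libc"],
    "libglib": ["libc"], "libpthread": ["libc"], "libc": [],
    "oowriter": ["libstdc++", "libc", "libgtk"],
    "python": ["libc", "libpthread"],
    "ssh": ["libcrypto", "libc"], "libcrypto": ["libc"],
    "gcc": ["libc"], "sh": ["libc"],
}
# Constructed roles and users: what each job must be able to *run*.
ROLE_PROGRAMS = {
    "clerk": ["firefox", "oowriter"],
    "developer": ["firefox", "gcc", "python", "ssh", "sh"],
}
USERS = {"alice": "clerk", "bob": "clerk", "erin": "clerk",
         "carol": "developer", "dave": "developer"}

def closure(programs, deps):
    """Files a default-deny policy must permit for `programs` to start: the
    programs plus everything they transitively load. Visited-set BFS, so it
    also terminates on circular library dependencies."""
    allowed, queue = set(), deque(programs)
    while queue:
        f = queue.popleft()
        if f not in allowed:
            allowed.add(f)
            queue.extend(deps.get(f, ()))  # unknown file: treat as a leaf
    return allowed

def role_policy(role_programs, deps):
    """Permit set per role; every other file is denied to that role."""
    return {r: closure(p, deps) for r, p in role_programs.items()}

def matrix_size(users, files):
    """Cells in the naive per-user, per-file access control matrix."""
    return len(users) * len(files)

def policy_entries(users, role_programs, deps):
    """Permit entries actually maintained once users collapse into roles."""
    policy = role_policy(role_programs, deps)
    return sum(len(policy[r]) for r in set(users.values()))

if __name__ == "__main__":
    print({r: len(f) for r, f in role_policy(ROLE_PROGRAMS, DEPS).items()},
          matrix_size(USERS, DEPS), policy_entries(USERS, ROLE_PROGRAMS, DEPS))
```

With this data the clerk role names 2 programs but must permit 9 files and the developer role names 5 but must permit 13, so the 5-user by 14-file matrix of 70 cells shrinks to 22 role entries while the per-role permit list still grows with every library a named program pulls in.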