Secure Coding mailing list archives
RE: Hypothetical design question
From: "Alun Jones" <alun () texis com>
Date: Wed, 04 Feb 2004 19:27:00 +0000
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 10:06 AM

You left out an intermediate possibility: implementation realities. While it is true that privilege separation can be accomplished in Windows NT derivatives, it usually isn't in practice, particularly with home users. This is not true of Unix-like consumer operating systems (even OS X), which were designed with privilege separation in mind, and whose user bases are accustomed to it.
I thought I covered it with "Another societal benefit is that Linux users are used to running as non-admins." Thanks for the extra clarifications.
Absent a software bug, the worst that I'm likely to do to myself as a non-privileged user on an out-of-the-box Red Hat system is destroy my own data and send a lot of bogus email -- not trash my operating system, as so often happens to Windows users who are accustomed to running with administrative privileges.
While that's important to protecting _your_ system, of course that isn't much help to those of us that are receiving a hail of virus-infected emails (dragging this back to where we started). If users can send emails, and users' processes become infected, then it really doesn't matter, to the outside world, whether those users are administrators or not. And if your system is running a subverted process, even inside of a user's privileges, it's still executing unauthorised code. To most corporations, a user damaging his/her own data, and data that he/she is allowed access to, can be as damaging as a root invasion. That's why a lot of corporations strictly limit what applications may be run, and only allow admins to install new applications or updates.

[Of course, there's also the prevalence of privilege elevation attacks - on a number of operating systems - that can turn even a non-admin infection into a root infection.]

Alun.
~~~~
--
Texas Imperial Software    | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place    | [EMAIL PROTECTED]
Cedar Park TX 78613-1419   | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858  | Try our NEW client software, WFTPD Explorer.