Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Opinion re an interesting article on Linux security in Linux Journal

From: ljknews <ljknews () mac com>
Date: Wed, 10 Mar 2004 16:06:02 +0000
At 10:10 AM -0500 3/9/04, Kenneth R. van Wyk wrote:


So why do I feel that this is a Secure Coding issue and not (just) an OS 
security issue for Full-Disclosure and similar groups to discuss?  IMHO, the 
issues that we're dealing with get straight to the heart of the design of the 
desktop environments that are being deployed.  Sure, Linux has grown up with 
an arguably better separation of administrative and desktop users from day 
one, but even just a user-level email worm can be pretty frustrating (in case 
you haven't noticed from the size of your inbox in the last month or so).


It really is not a matter of secure coding, but rather of secure design.


Case in point, I just got KDE 3.2 on my PC over the weekend (thanks to the 
Debian-Sid distribution), and I'm seeing the email/PIM environment appearing 
more and more like Outlook.  I can open an email attachment straight into its 
respective app with just 2 clicks of the mouse (although that's actually been 
possible for some time).  That's not to say that doing so is a good idea, but give 
the common desktop user the _opportunity_ and...


To secure a machine from malware introduced by a naive user it is required
that naive users not have the privilege to introduce software that can be
executed by them or by other naive users.
Previous By Date Next
Previous By Thread Next

Current thread: