Secure Coding mailing list archives
Re: Opinion re an interesting article on Linux security in Linux Journal
From: ljknews <ljknews () mac com>
Date: Wed, 10 Mar 2004 16:06:02 +0000
At 10:10 AM -0500 3/9/04, Kenneth R. van Wyk wrote:
> So why do I feel that this is a Secure Coding issue and not (just) an OS security issue for Full-Disclosure and similar groups to discuss? IMHO, the issues that we're dealing with get straight to the heart of the design of the desktop environments that are being deployed. Sure, Linux has grown up with an arguably better separation of administrative and desktop users from day one, but even just a user-level email worm can be pretty frustrating (in case you haven't noticed from the size of your inbox in the last month or so).
It really is not a matter of secure coding, but rather of secure design.
> Case in point, I just got KDE 3.2 on my PC over the weekend (thanks to the Debian-Sid distribution), and I'm seeing the email/PIM environment appearing more and more like Outlook. I can open an email attachment straight into its respective app with just 2 clicks of the mouse (although that's actually been possible for some time). That's not to say that doing so is a good idea, but give the common desktop user the _opportunity_ and...
To secure a machine from malware introduced by a naive user it is required that naive users not have the privilege to introduce software that can be executed by them or by other naive users.