Secure Coding mailing list archives
RE: Hypothetical design question
From: "Dave Paris" <dparis () w3works com>
Date: Thu, 29 Jan 2004 15:17:58 +0000
The problem with "restricting malicious things" is that the same action can be veiwed as desirable or malicious, depending on intent. Intent is an intangible. Computing systems tend to deal poorly with intangibles. If I type 'rm -fr /', my intention is to prepare a machine for a new OS load, prior to a reformat. If an intruder types 'rm -fr /', his intentions are *likely* (can't say for sure without directly asking the intruder!) to be somewhat more malicious. The OS has no way of determining who the "real" user is and which intention is desirable and which isn't. If you try to enumerate a list of "potentially malicious code" that shouldn't be run from Application X you'll be at it for the rest of your life; a never-ending, never-winning battle. :-( Kind Regards, -dsp -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nick Lothian Sent: Wednesday, January 28, 2004 5:16 PM To: [EMAIL PROTECTED] Subject: RE: [SC-L] Hypothetical design question [...] On the other hand, the operating system/email client still needs to allow one-click execution of attachments - it should just restrict them from doing malicious things. Nick
Current thread:
- Re: Hypothetical design question, (continued)
- Re: Hypothetical design question Andreas Saurwein (Jan 28)
- RE: Hypothetical design question Alun Jones (Jan 28)
- Re: Hypothetical design question Louis Solomon [SteelBytes] (Feb 02)
- RE: Hypothetical design question Michael S Hines (Feb 02)
- Re: Hypothetical design question Louis Solomon [SteelBytes] (Feb 03)
- RE: Hypothetical design question Jason Wilcox (Feb 03)
- RE: Hypothetical design question Michael S Hines (Feb 02)
- RE: Hypothetical design question Robert Shields (Jan 28)
- RE: Hypothetical design question Nick Lothian (Jan 28)
- RE: Hypothetical design question ljknews (Jan 28)
- RE: Hypothetical design question Nick Lothian (Jan 28)
- RE: Hypothetical design question Dave Paris (Jan 29)
- RE: Hypothetical design question ljknews (Jan 29)
- Re: Hypothetical design question David A. Wheeler (Jan 29)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Hypothetical design question David Harmon (Jan 30)
- RE: Hypothetical design question David Crocker (Jan 30)
- RE: Hypothetical design question Alun Jones (Feb 01)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Re: Hypothetical design question Kenneth R. van Wyk (Jan 29)
- Re: Re: Hypothetical design question der Mouse (Jan 29)
- RE: Re: Hypothetical design question Alun Jones (Jan 30)