Secure Coding mailing list archives

RE: Hypothetical design question


From: "Michael S Hines" <mshines () purdue edu>
Date: Wed, 28 Jan 2004 19:07:00 +0000

An interesting dialog appeared on the PLUG* mailing list this morning.

A FreeBSD user was trying to execute the new macro virus circulating
(MyDOOM) and couldn't seem to replicate the problem the Windows users were
seeing.

Another AlphaVMS user was having the same problem.

Which is to say - it does seem to be an Operating System design flaw, to me
- not necessarily a mail client issue.

Consider - why do we have a Java Sandbox, and allow other executable files
to run 'in the wild' (without constraints for authorization or
authentication).  Click and run is the mistake...  I think. Why would a user
be allowed to execute a program they wouldn't be allowed to install on their
machine, otherwise (if proper controls are in place)?  This is a flaw in the
security mechanism of the OS.

Mike Hines

*PLUG = Purdue Linux Users Group

-----------------------------------
Michael S Hines
[EMAIL PROTECTED]















