Secure Coding mailing list archives

Re: Hypothetical design question


From: Fernando Schapachnik <fernando () mecon gov ar>
Date: Fri, 30 Jan 2004 14:23:44 +0000

In a previous message, Nick Lothian wrote:
The problem with "restricting malicious things" is that the same action can be viewed as desirable or malicious, depending on intent. Intent is an intangible. Computing systems tend to deal poorly with intangibles.

If I type 'rm -fr /', my intention is to prepare a machine for a new OS load, prior to a reformat. If an intruder types 'rm -fr /', his intentions are *likely* (can't say for sure without directly asking the intruder!) to be somewhat more malicious.

The OS has no way of determining who the "real" user is and which intention is desirable and which isn't. If you try to enumerate a list of "potentially malicious code" that shouldn't be run from Application X you'll be at it for the rest of your life; a never-ending, never-winning battle. :-(

People interested in such approaches might want to take a look at a tool developed by Niels Provos: SysTrace. In short, you make a "recording" run of the tool to capture what system calls it performs. Then the tool is forbidden to make any other. It even takes account of parameters:
http://www.citi.umich.edu/u/provos/systrace/


Regards.

Fernando.
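To make the record-then-enforce idea concrete, here is an added toy model in Python (not systrace's own code or its policy syntax): a policy is learned from a recording run, optionally widened by hand with glob patterns, and then enforced against a later run, where both unseen syscalls and unseen arguments are denied. The traces and the "open"/"write"/"unlink" call names are constructed sample data.

```python
"""Toy model of the record-then-enforce approach described above (an added
illustration, not systrace itself or its policy language). The policy is a
set of (syscall, argument-pattern) pairs learned from a recording run; in
enforcement mode any call outside that set is denied. Argument patterns use
fnmatch-style globs so a path seen once can be generalized explicitly."""
from fnmatch import fnmatchcase
from typing import Dict, List, Set, Tuple

Call = Tuple[str, str]          # (syscall name, first argument, e.g. a path)
Policy = Set[Tuple[str, str]]   # (syscall name, glob pattern for the argument)

def record(trace: List[Call]) -> Policy:
    """Recording run: every call the program made becomes a permit rule, with
    the argument taken literally (no generalization)."""
    return {(name, arg) for name, arg in trace}

def generalize(policy: Policy, rules: Dict[str, str]) -> Policy:
    """Widen rules by hand, e.g. allow any file under /tmp/ instead of one
    name. This is where a human decides what is 'intended', which the
    kernel cannot infer on its own."""
    widened = set(policy)
    for name, pattern in rules.items():
        widened.add((name, pattern))
    return widened

def enforce(policy: Policy, trace: List[Call]) -> List[Tuple[Call, str]]:
    """Enforcement run: a call is permitted only if some rule matches both
    the syscall name and the argument; everything else is denied and logged."""
    decisions = []
    for call in trace:
        name, arg = call
        allowed = any(n == name and fnmatchcase(arg, pat) for n, pat in policy)
        decisions.append((call, "permit" if allowed else "deny"))
    return decisions

# Constructed traces (sample data, not from the original message).
RECORDED = [("open", "/etc/passwd"), ("open", "/tmp/out.1"), ("write", "/tmp/out.1")]
LATER = [("open", "/etc/passwd"), ("open", "/tmp/out.2"),
         ("open", "/etc/shadow"), ("unlink", "/")]

def demo() -> List[Tuple[Call, str]]:
    """Learn from RECORDED, widen /tmp access, then judge LATER."""
    policy = generalize(record(RECORDED), {"open": "/tmp/*", "write": "/tmp/*"})
    return enforce(policy, LATER)

if __name__ == "__main__":
    for call, verdict in demo():
        print(f"{verdict:6} {call[0]}({call[1]})")
```

In the sample run the second open is permitted only because the /tmp glob was added by hand; the open of /etc/shadow and the unlink are denied because nothing like them appeared in the recording.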