Secure Coding mailing list archives
RE: Hypothetical design question
From: ljknews <ljknews () mac com>
Date: Thu, 29 Jan 2004 15:17:58 +0000
At 8:45 AM +1030 1/29/04, Nick Lothian wrote:
I think either the email client or the operating system needs to protect the user from malicious programs _by default_ (on a non-professionally administered system). I don't think an email client can do this, and I'm not aware of any operating system that really supplies this protection (although most can be configured to provide some protection. Perhaps capability based operating systems do this?)
I would think MVS provides this capability, as Mandatory Access Control (where the user cannot change the protection) is sort of built in.
On the other hand, the operating system/email client still needs to allow one-click execution of attachments - it should just restrict them from doing malicious things.
Specifying that is a lot easier than implementing it :-)
Current thread:
- RE: Hypothetical design question, (continued)
- RE: Hypothetical design question Alun Jones (Jan 28)
- Re: Hypothetical design question Louis Solomon [SteelBytes] (Feb 02)
- RE: Hypothetical design question Michael S Hines (Feb 02)
- Re: Hypothetical design question Louis Solomon [SteelBytes] (Feb 03)
- RE: Hypothetical design question Jason Wilcox (Feb 03)
- RE: Hypothetical design question Michael S Hines (Feb 02)
- RE: Hypothetical design question Robert Shields (Jan 28)
- RE: Hypothetical design question Nick Lothian (Jan 28)
- RE: Hypothetical design question ljknews (Jan 28)
- RE: Hypothetical design question Nick Lothian (Jan 28)
- RE: Hypothetical design question Dave Paris (Jan 29)
- RE: Hypothetical design question ljknews (Jan 29)
- Re: Hypothetical design question David A. Wheeler (Jan 29)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Hypothetical design question David Harmon (Jan 30)
- RE: Hypothetical design question David Crocker (Jan 30)
- RE: Hypothetical design question Alun Jones (Feb 01)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Re: Hypothetical design question Kenneth R. van Wyk (Jan 29)
- Re: Re: Hypothetical design question der Mouse (Jan 29)
- RE: Re: Hypothetical design question Alun Jones (Jan 30)
- Re: Re: Hypothetical design question Jose Nazario (Jan 30)