Secure Coding mailing list archives

Re: Re: DJB's students release 44 poorly-worded, overblown advisories


From: Crispin Cowan <crispin () immunix com>
Date: Wed, 22 Dec 2004 15:44:22 +0000


ljknews wrote:


> On most important systems there is no need for the users to be able
> to provide executable which they then run.  Executables are provided
> by the system manager.
 

While I am sympathetic to this point of view, it is no longer relevant 
to the modern context, where many data formats end up being executable, 
e.g. Office documents with executable macros in them.


Securing a MAC system in which the users are hog-tied is easy. The trick 
is to provide reasonable security *and* reasonable usability.


Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com





