Secure Coding mailing list archives
how far we still need to go
From: coley at linus.mitre.org (Steven M. Christey)
Date: Wed, 25 Jul 2007 11:43:53 -0400 (EDT)
On Wed, 25 Jul 2007, William L. Anderson wrote:
> I am flabbergasted. When I first encountered Unix in 1983 I was taught that you always run as an ordinary user, and only use admin (root) privileges when needed. If OS X developers are running as admin, and building and testing their products as admin, well ... I'm still in shock. And I weep for the species.
Unfortunately, there's not much of a surprise here. The same problem exists for lots of Windows-based applications. I regard it as a leftover from the fact that these OSes were not designed to be multi-user, but the threat landscape has changed such that multiple users (or at least multiple roles for the same user?) are necessary. This will take a bit of time before it registers with the everyday computer user or developer of these mono-user systems.

- Steve