Secure Coding mailing list archives
Unclassified NSA document on .NET 2.0 Framework Security
From: steingra at gmail.com (Andy Steingruebl)
Date: Tue, 25 Nov 2008 10:57:14 -0800
On Tue, Nov 25, 2008 at 9:48 AM, Gunnar Peterson <gunnar at arctecgroup.net>wrote:
but actually the main point of my post and the one i would like to hear people's thoughts on - is to say that attempting to apply principle of least privilege in the real world often leads to drilling dry wells. i am not blaming any group in particular i am saying i think it is in the "too hard" pile for now and we as software security people should not be advocating for it until or unless we can find cost effective ways to implement it.
I'd love to hear someone from Microsoft talk about the creation of default ready for shipping service security profiles for Server-2008. Windows has lots of services and lots of privileges that can be configured. Every paper I've generally seen on the subject is about reverse engineering least privileges by reducing them, checking whether the software still functions, looking for access violations, and then increasing the privileges until things start working. A lot like this Calvin and Hobbes comic: CALVIN: How do they know the load limit on bridges, Dad? DAD: They drive bigger and bigger trucks over the bridge until it breaks. Then they weigh the last truck and rebuild the bridge. This is what we do with least privilege, but without ever knowing whether we've really gotten the least privileges, or not. Hell, in a modern operating system how the hell do you figure this out anyway? - Andy -------------- next part -------------- An HTML attachment was scrubbed... URL: http://krvw.com/pipermail/sc-l/attachments/20081125/b06b91e3/attachment.html
Current thread:
- Unclassified NSA document on .NET 2.0 Framework Security, (continued)
- Unclassified NSA document on .NET 2.0 Framework Security Gary McGraw (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security Gunnar Peterson (Nov 25)
- Message not available
- Unclassified NSA document on .NET 2.0 Framework Security Gunnar Peterson (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security Stephen Craig Evans (Nov 26)
- Regional differences in software security Gary McGraw (Nov 26)
- Regional differences in software security Kenneth Van Wyk (Nov 26)
- Regional differences in software security Stephen Craig Evans (Nov 26)
- Unclassified NSA document on .NET 2.0 Framework Security Susan Bradley (Nov 26)
- Unclassified NSA document on .NET 2.0 Framework Security Jerry Leichter (Nov 26)
- Unclassified NSA document on .NET 2.0 Framework Security Stephen Craig Evans (Nov 26)
- Unclassified NSA document on .NET 2.0 Framework Security Andy Steingruebl (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security ljknews (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security Shea, Brian A (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security Susan Bradley, CPA (Nov 25)
- Unclassified NSA document on .NET 2.0 Framework Security Dana Epp (Nov 25)