Secure Coding mailing list archives

Unclassified NSA document on .NET 2.0 Framework Security


From: ljknews at mac.com (ljknews)
Date: Wed, 26 Nov 2008 09:33:07 -0400

At 9:32 PM -0800 11/25/08, Brian Chess wrote:

Larry, I'm not sure I get your meaning.  You say you don't think it's a
dry well, but then you say programmers ignore the privilege management
facilities at their disposal.

I mean they ignore it until security overseers (800.53a, PCI DSS,
8500.2 evaluators) come by and force them to fix it.

At 10:57 AM -0800 11/25/08, Andy Steingruebl wrote:
On Tue, Nov 25, 2008 at 9:48 AM, Gunnar Peterson
<gunnar at arctecgroup.net> wrote:


but actually the main point of my post and the one i would like to
hear people's thoughts on - is to say that attempting to apply
principle of least privilege in the real world often leads to drilling
dry wells. i am not blaming any group in particular i am saying i
think it is in the "too hard" pile for now and we as software security
people should not be advocating for it until or unless we can find
cost effective ways to implement it.

Certainly it is not a dry well.  For the operating system I deal
with, application programmers _consistently_ ignore the facility
provided for fine-grained access to files and leave users with
coarse-grained access as their only recourse.

So attempting to apply it is not a dry well and not too hard -
just typically done as a retrofit due to political rather than
technical circumstance.

I had a friend who was working on software where multi-million
dollar accounts failed to balance correctly.  That defect got
considerable management attention.  The same _could_ be done
for security.
-- 
Larry Kilgallen

