On Wed, Feb 04, 2004 at 01:56:24PM +0000, Chris Higgins wrote:
> True - but only because we see the difference between
> data to be interpreted as a program, and data
> to be interpreted by a program.

if we want to discuss security seriously then yes, we have to make this

> How many people understand and can make that distinction ?

not many, but how many understand the various safety systems in their
cars? how ui's and the like contribute to end-user understanding (or
reduce the need for that understanding) is a different discussion.

> > executing untrusted code is a
> > step beyond that.
> Why ? Unless by saying 'executing' you mean 'intentionally executing',
> in which case I agree completely, and we're back to needing
> social engineering to get the user to 'execute' the code. However,

i really just mean executing in general. if it helps i'm just
discussing this on a "what mua designers and default config writers
should keep in mind" level. it's the same as a distro opening all ports
at install time. provide the user with rope and wood, but don't supply
them with a noose and gallows. yes, they can construct them, but they
might also create a gazebo and hammock.

> If it's postscript, then 'viewing' amounts to 'executing untrusted code'.

yes, but as i said it was fuzzy. it is possible for the interpreter to
catch those malicious actions. something that isn't quite as easy if
you just run straight binary code.

> So .sx? / .doc / .pdf / .ps / flash are 'beyond' because they contain code,
> but jpeg/gif etc are 'within' because they don't ?

again, i said it was fuzzy. as things get closer to the "executing"
side of the spectrum, you must take more care. an mua is designed from
the start to view untrusted data. a helper might not be. so each
helper should be assessed with that caution (by an mua developer, the
helper author or by a distro developer).

so a gs config that blocks the file read/write commands. or a wordviewer
that does not execute code in the word doc (i have a text one and a
gui one). and so on.

> That kinda puts most of the useful attachments into the 'beyond' camp
> (if I understand your inside/outside boundary)

again, perhaps i'm looking at this from a different perspective. this
isn't "end-user." i'm more interested in what mua and distro people
are doing. as linux users we should push distro makers to consider
these concerns - the same way people pushed the distro makers to make
installs more secure out of the box.

yes you want to view lots of attachments, but you also want security.
those goals are not exclusive, they're just hard.

linux has features and a culture that makes it less hard than in the ms
world - and ms is trying to copy some of those (and good - i hope they do)
- but it's still hard work. i only use mutt, so with it i see that most
of the work lives in the helper apps. they need to be more paranoid.
i assume with the gui apps that the helpers are probably in the mua
libraries themselves (be nice if they used plugger or something like it,
but i'm guessing no) so the hard work is in the mua itself.

and it seems to me that linux has easier vulnerabilities than the mua
anyway. the slapper (thanks paulj/rick) worm exploited apache (and
some of its helpers), and the mta has always been a fun target in the
kevin at ie.suberic.net ....... financial math: if bill gates & 10,000 homeless
http://ie.suberic.net/~kevin/cgi-bin/blog .. guys are in a room, the average
net worth of each of them is over $1,000,000. now, why do you care what the
average bush tax "cut" was again? ........... http://www.deanforamerica.com/
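
Added example (not part of the original message): one way a distro or mua packager could carry out the helper assessment discussed above, by auditing a mailcap file for helpers that run attachment content directly as code or that invoke gs without -dSAFER. The sample mailcap entries, the interpreter list and the function names are constructed assumptions.

```python
import shlex

# Constructed sample mailcap ("type; command; flags"), for illustration only.
SAMPLE_MAILCAP = """\
# constructed entries
application/postscript; gs -q -dNOPAUSE \\
    -sDEVICE=x11 %s
application/pdf; gs -dSAFER -q -dNOPAUSE -sDEVICE=x11 %s
application/x-sh; sh %s
application/msword; antiword %s; copiousoutput
image/jpeg; display %s
"""

# Assumed list of helpers that execute whatever the attachment contains.
DIRECT_INTERPRETERS = {"sh", "bash", "perl", "python", "wine"}


def parse_mailcap(text):
    """Yield (mime_type, argv) per entry, skipping comments and joining
    backslash-continued lines. Escaped ';' in commands is not handled."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 2 or not fields[1]:
            continue
        try:
            argv = shlex.split(fields[1])
        except ValueError:  # unbalanced quotes: fall back to a plain split
            argv = fields[1].split()
        yield fields[0].lower(), argv


def audit(text):
    """Return (mime_type, reason) for helpers that need a closer look."""
    findings = []
    for mime, argv in parse_mailcap(text):
        prog = argv[0].rsplit("/", 1)[-1]
        if prog in DIRECT_INTERPRETERS:
            findings.append((mime, f"attachment is executed by {prog}"))
        elif prog in ("gs", "ghostscript") and (
            "-dSAFER" not in argv or "-dNOSAFER" in argv
        ):
            # -dSAFER is the gs switch that restricts PostScript file operators.
            findings.append((mime, "gs runs without -dSAFER"))
    return findings


if __name__ == "__main__":
    for mime, reason in audit(SAMPLE_MAILCAP):
        print(f"{mime}: {reason}")
```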