[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Friday 31 March 2006 10:18 pm, Neil Williams wrote: > Developers of packages that can be routinely expected to be run as root > (base level utils, CLI text editors etc.) therefore take precautions to > avoid certain code flaws that may expose a vulnerability later on etc. > Developers of the rest of the packages in the archive will do some of these > tests just out of good practice and to avoid/fix bugs that cause the > package to fail on certain platforms. This difference in expected usage > therefore leads to a LARGE difference at the source code level and a > relatively higher risk of vulnerabilities in programmes that most > developers would consider as "user-level-only". Typically, most GUI > programmes would be categorised as user-level only: web browsers, email > clients - anything that a system administrator would not be expected to > routinely use as the root user. Incidentally, this explains an element of Windows security problems, certainly during the life of Win9x which is the last Win platform that I studied in any depth. So far, I have seen no evidence that the principle has changed in XP. Internet Explorer is just a wrapper of Windows Explorer which in turn is tightly bound into low level system calls that, in the GNU world, would require root level permissions. What Windows developers call integration, GNU developers call inbuilt vulnerability. In the GNU world, it is accepted that writing a user-level programme, like a web browser, is an inherently different task to writing the kernel. They are different packages, different models and have completely separate memory space. Konqueror may be able to browse the web and the local filesystem without a join but it still runs only as a user. Microsoft seem to abandon this principle in the name of integration when in reality all that it does is expose root-level vulnerabilities in user-level code. A bug in IE can allow malware to tunnel straight down to root (or admin in Win-speak) privileged code and therefore undermines any security implemented elsewhere in the system. Imagine a bank that has a security guard on the front door and a tunnel in the street that leads straight into the vault. GNU/Linux may have similar tunnels from time to time but they only lead into the main lobby, not the vault. Logging into a GUI desktop as root redirects ALL those tunnels directly into the vault. At a stroke you undo ALL the security inherent in the GNU/Unix permissions model. It's absolute madness. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgpRuYXQGFIvA.pgp
Description: PGP signature