> To use the real-life example, an unpatched Windows [...] Even if I
> do not connect the machine to any network, the moment I open any
> document that the machine itself did not create, I expose it to all
> sorts of macros, scripts and embedded content which can hose or
> exploit my applications.

Quite. A good argument against providing extension languages with the
capability of modifying...well, pretty much anything outside the file
the code is embedded in, and arguably even that.

> The same weaknesses apply to operating systems and applications
> generally.

Only if they insist on executing code from sources such as "documents"
from elsewhere, giving it capabilities like writing files (or
semi-equivalent capabilities such as modifying the windows registry).

I, for example, do not "open" "documents"; I display and/or edit files,
and the display and editor programs do not provide any kind of
live-content support to the files in question. (I do occasionally run
PostScript or PDF code, but when such programs come from untrusted
sources I tell the PS/PDF engine to disable the primitives for writing
files and the like.) This is not to say that programs are bug-free,
only that outright bugs provide any way for such things to execute
content.

I fully expect that evolutionary pressures will end up killing off live
content, or at least live content that provides support for making
non-transient state changes such as writing files.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                [email protected]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
