At 11:09 AM -0500 12/20/04, Paco Hope wrote: >I mean, if these things are "remote exploits," I could say "The entire >OpenBSD operating system is remotely exploitable: if I email you an OpenBSD >binary and you execute it, I 0wn you." Well, duh.
That risk is mitigated when an operating system has mandatory access controls (MAC) arranged so that users are not permitted to execute programs which they create or import. That capability is not quite within the Biba Integrity Extensions to the Bell-Lapadula model, but it is close. On most important systems there is no need for the users to be able to provide executable which they then run. Executables are provided by the system manager. -- Larry Kilgallen
