At 11:54 PM -0800 12/21/04, Crispin Cowan wrote:
>ljknews wrote:
>
>>On most important systems there is no need for the users to be able
>>to provide executables which they then run.  Executables are provided
>>by the system manager.
>>  
> While I am sympathetic to this point of view, it is no longer relevant
> to the modern context, where many data formats end up being executable,
> e.g. Office documents with executable macros in them.

Executable data formats have proven impossible to secure,
starting with the defect IBM introduced into CMS allowing
text formatters to run in response to email documents and thus
make system calls.  The fact that Microsoft would copy this
security hole into Word 6 certainly indicates they are not
able to learn from mistakes made by others - they must reinvent
the same mistakes.  IBM withdrew their error.

> Securing a MAC system in which the users are hog-tied is easy. The trick
> is to provide reasonable security *and* reasonable usability.

There ain't no such thing as a free beer.
-- 
Larry Kilgallen
