At 9:32 PM -0800 11/25/08, Brian Chess wrote:

> Larry, I'm not sure I get your meaning.  You say you don't think it's a
> dry well, but then you say programmers ignore the privilege management
> facilities at their disposal.

I mean they ignore it until security overseers (800.53a, PCI DSS,
8500.2 evaluators) come by and force them to fix it.

> At 10:57 AM -0800 11/25/08, Andy Steingruebl wrote:
>> On Tue, Nov 25, 2008 at 9:48 AM, Gunnar Peterson
>> but actually the main point of my post and the one i would like to
>> hear people's thoughts on - is to say that attempting to apply
>> principle of least privilege in the real world often leads to drilling
>> dry wells. i am not blaming any group in particular i am saying i
>> think it is in the "too hard" pile for now and we as software security
>> people should not be advocating for it until or unless we can find
>> cost effective ways to implement it.
> Certainly it is not a dry well.  For the operating system I deal
> with, application programmers _consistently_ ignore the facility
> provided for fine-grained access to files and leave users with
> coarse-grained access as their only recourse.

So attempting to apply it is not a dry well and not too hard -
just typically done as a retrofit due to political rather than
technical circumstance.

I had a friend who was working on software where multi-million
dollar accounts failed to balance correctly.  That defect got
considerable management attention.  The same _could_ be done
for security.
Larry Kilgallen
