Re: [SC-L] Opinion re an interesting article on Linux security in Linux Journal

2004-03-10 Thread Richard Moore
Michal Zalewski wrote:

> Uhh, with some new worms, you not only can't execute the rogue directly by
> just clicking on an attachment, but you need to enter a password to get
> access to it... you just need a userbase clueless enough to carry out even
> a fairly complicated action out of curiosity, and some social engineering.

That's certainly true, though you can minimise such issues in KDE by
using Kiosk mode to reduce the functionality available to users. I was
responding however to Kenneth's point about how easy it was to open an
attachment in its respective app.

I don't minimise the dangers - they are real, but I do think we're in a
better position in the unix desktop world than the current state of the
windows desktop.

Cheers

Rich.


Re: [SC-L] Opinion re an interesting article on Linux security in Linux Journal

2004-03-10 Thread Ryan Russell
Kenneth R. van Wyk wrote:

> I think that we're seeing several of the features that have plagued the
> security of desktop Windows systems being increasingly incorporated into the
> desktops of Linux systems.  Further, the Linux desktop is truly maturing and,
> along with that, we're getting closer and closer to a critical mass of users.
>
> So why do I feel that this is a Secure Coding issue and not (just) an OS
> security issue for Full-Disclosure and similar groups to discuss?  IMHO, the
> issues that we're dealing with get straight to the heart of the design of the
> desktop environments that are being deployed.  Sure, Linux has grown up with
> an arguably better separation of administrative and desktop users from day
> one, but even just a user-level email worm can be pretty frustrating (in case
> you haven't noticed from the size of your inbox in the last month or so).

What you're getting at is that clueless users want dangerous features,
and that some programmers don't understand why it's a bad idea to
provide them, and/or they don't have the option to leave them out (boss
says they have to be there, etc...)  Further, clueless users will pick
the dangerous features if it is at all an option, i.e. if they can pick
Lookout for Linux as a MUA, they will.

This is from personal experience supporting users, family, etc... that 
have no understanding of what happens to an attachment that they save 
to disk.  If the default directory they save to is not the same default 
that comes up when they launch Word and do File-Open, they are lost. 
If/when they ever end up running Linux, their understanding of
filesystems is not going to increase.

I don't see a lot of room for secure programmers to help out.  Sure, 
they will not write MUAs that have the bad behavior, and the user will 
pick a bad one.  The programmer can write secure helper apps, but all 
programs that the MUA can invoke have to be secure.  This assumes that
the MUA doesn't simply let the user launch ELFs or something.

	Ryan




RE: [SC-L] Opinion re an interesting article on Linux security in Linux Journal

2004-03-10 Thread Alun Jones
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Michal Zalewski
 Sent: Tuesday, March 09, 2004 1:16 PM
 
 Uhh, with some new worms, you not only can't execute the rogue directly by
 just clicking on an attachment, but you need to enter a password to get
 access to it... you just need a userbase clueless enough to carry out even
 a fairly complicated action out of curiosity, and some social engineering.

As ever, the chief flaw that is exploited by the most successful (in terms
of wide spread) viruses is that of human naivete / stupidity.

I reckon you'd get a fairly good spread of virus even if you asked people to
type the virus code into debug (a tool which, among other things, allows
you to directly enter hex codes).  The only thing that might slow such a
virus down is that many of the people typing it in would get a digit or two
wrong.

I've long maintained that Unix, Linux et al are not protected so much by
technical superiority as by a lack of users - particularly a lack of
technically uninformed users.  In some cases, too, the protection is that
there are less dumb developers.  To truly bring Linux down, what's needed is
a Visual Basic 1.0 for Linux :-)

Alun.

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | [EMAIL PROTECTED]
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

[Ed. Let's please keep this to a discussion of design features and NOT a
mudslinging contest (which no one can possibly win).  Thanks.  KRvW]


[SC-L] Re: Application Sandboxing, communication limiting, etc.

2004-03-10 Thread ljknews
At 11:14 AM -0700 3/10/04, Jared W. Robinson wrote:

> Seems to me that the average user application doesn't need to open
> TCP/UDP ports for listening.

Fixed in a previous major protocol stack.

Doing the equivalent on DECnet requires privilege.