[plug] Security and Privacy.

The Thought Assassin assassin at live.wasp.net.au
Mon Dec 25 23:21:56 WST 2000


On Sat, 23 Dec 2000, Scott wrote:
> The more security, the less functional; there is only one more step (the
> ultimate security feature): the off switch.
That is a very pessimistic viewpoint. Complexity is bad for security, but
functionality is not. Functionality does not need to mean complexity, and
hopefully one's underlying security structure can be sufficiently simple
and (provably?) effective that even complex functionality can be invoked
within a secure sandbox.

> After reading an article called Linux Entomology from Maximum Linux, it
> seems that some Linux viruses are transmitted from scripting languages.
You mean if you run a random script it might run code you don't want?
Astonishing. So don't run it as an important user.

> " At least as early as 1991, it was shown that a document written in Tex, a
> UNIX typesetting format, could contain viruses. Postscript can be used
> similarly. .... In fact, a virus that infects manpages- the original UNIX
> help files- was posted to a UNIX mailing list."
Bugs in Tex, some postscript interpreter and man respectively. Not
deliberate design decisions to run untrusted code.

> Buffer overflows are also a problem, e.g. an mp3: a "poorly designed player"
> could inadvertently execute code hidden inside an MP3 song.
Ditto.

The difference is that in Linux, you needn't run these programs as any
kind of important user with any kind of privilege.

> "Linux systems are also vulnerable to the same boot sector viruses that
> plague the windows world."

You certainly needn't run them as root. Ridiculous.

> Basically as Linux is more widely used the more likely that viruses will be
> made and used. Linux has many advantages that windoze doesn't but that
> doesn't mean that newer smarter viruses won't be written.
The only way a virus running as an unprivileged user is going to propagate
is through bugs in programs run by (or setuid to) higher-level users.
These bugs can be fixed or hopefully avoided. In windows (less so for NT)
the system is fundamentally designed to grant rogue programs full access.

> In reality there are many programs we run on a regular basis that do
> have (to some degree) root access.
There are 13 such on my system (and a couple more I don't use and ought to
kill). I have great confidence in all but X, gpm and xterm, as these are
the only complex big or recently-developed programs. If I install
framebuffer drivers, I could run all of those as non-root users.
I am, however, too lazy. :)

> java being the least of them.
Java will never run as root on my system. Why on earth would you run it as
root on yours?

> My other points "How far is far enough? What is more important security or
> privacy?"
Since you don't mention any privacy risks you feel you are vulnerable to,
I'll have to assume that security is far more important.

> We all know how exact computers are and even expert systems can't predict
> human behaviour.
That's OK, humans can't predict the behaviour of any decent expert system.

> Privacy is the only real security measure.
I have absolutely no idea how to read any sense into this sentence.
What exactly are you trying to say?

-Greg Mildenhall
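As an added example, not part of the original post or the list archive: a small POSIX shell audit that enumerates the setuid and setgid executables Greg counts on his system, the only programs through which code running as an unprivileged user could reach higher privileges. The function names and the directory argument are my own choices, not anything from the thread.

```shell
#!/bin/sh
# Audit of setuid/setgid executables (added example, not from the original post).
# The setuid (4000) and setgid (2000) mode bits mark the programs that run with
# an owner's or group's privileges regardless of who invokes them; a bug in one
# of these is the privilege boundary a non-root process would have to cross.

# List every regular file under a directory tree carrying the setuid or setgid bit.
# -xdev keeps find on one filesystem so /proc and network mounts are not walked.
list_setuid_programs() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Count them; tr strips the leading spaces BSD wc prints.
count_setuid_programs() {
    list_setuid_programs "$1" | wc -l | tr -d ' '
}

# Show owner, group and mode for each hit so an unexpected entry (wrong owner,
# world-writable, or a file nobody remembers installing) stands out.
report_setuid_programs() {
    list_setuid_programs "$1" | while IFS= read -r f; do
        ls -ld -- "$f"
    done
}

# When run directly with a directory argument, e.g. ./setuid-audit.sh /usr,
# print the report and the total. With no argument the functions are only defined.
if [ $# -gt 0 ]; then
    report_setuid_programs "$1"
    printf 'setuid/setgid executables found: %s\n' "$(count_setuid_programs "$1")"
fi
```

Run it against / as root (or against /usr and /bin as an ordinary user) and compare the list against what the distribution's packages are expected to install.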
