[plug] Optus at Home is secure... joking, of course

Leon Brooks leon at brooks.smileys.net
Wed May 31 10:34:18 WST 2000


Oliver White wrote:
> Mike Holland wrote:
>> Well you could say that about Linux. OK, Linux doesn't make it so easy,
>> but what about Gnome/KDE? If they don't let you double click a perl
>> attachment now, I bet something soon will.

> Interesting POV, but I think there's definitely room to learn from Microsoft's
> mistakes. For instance, Gnumeric allows perl and python scripting, but the scripts
> have to be manually loaded before they'll run. This will remain the case until a
> way can be proven to allow safe auto-loading of scripts (says the team).

Perhaps after it's been "sandboxed" like tclplugin? E.g., only run
executables from a specific list, don't allow slashes or leading dots in
filenames, only allow connects to certain hosts (if at all) and writes
to certain places such as ~/tmp/ or the original sheet name/dir, and/or
force written files to have a "harmless" extension, axe the x bits on
all files written, etc.

Even so, the security hole opened by any user-run script on Linux is not
a wide one, and any competent sysadmin treats his users as fundamentally
hostile to start with. Even the wiser class of users can do this to
themselves: install Mandrake at security level "paranoid" and a trojan
couldn't do much more than scratch itself. To give you some idea of how
paranoid "paranoid" actually is, you have to add any user that wants to
run X to the group "xgrp", and tab-completion of commands doesn't work
because anything in any system directory (including the directory
itself) that doesn't have to be readable or executable is not marked r
or x.

-- 
Dogs have masters. Cats have staff.
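
The file-write checks listed in the message above (no slashes or leading dots in filenames, writes confined to one directory, a forced "harmless" extension, x bits removed), as an added example that is not part of the original post and is not Gnumeric or tclplugin code. The names `check_name`, `sandboxed_write`, `PolicyError` and the choice of `.txt` as the harmless extension are assumptions made for illustration.

```python
import errno
import os

HARMLESS_EXT = ".txt"  # assumption: which extension counts as "harmless"

class PolicyError(Exception):
    """A script's write request violated the sandbox policy."""

def check_name(name):
    """Reject slashes and leading dots, then force the harmless extension."""
    if not name or "/" in name or "\\" in name or "\0" in name:
        raise PolicyError("empty name or path separator: %r" % name)
    if name.startswith("."):
        raise PolicyError("leading dot: %r" % name)
    root, _ext = os.path.splitext(name)
    return root + HARMLESS_EXT

def sandboxed_write(allowed_dir, name, data):
    """Write data (bytes) to allowed_dir/name under the policy; return the path."""
    target = os.path.join(os.path.realpath(allowed_dir), check_name(name))
    # O_NOFOLLOW: a symlink planted inside allowed_dir must not redirect
    # the write to a file outside it. The open fails before any truncation.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    try:
        fd = os.open(target, flags, 0o600)
    except OSError as e:
        if e.errno in (errno.ELOOP, errno.EMLINK):
            raise PolicyError("refusing to follow symlink: %r" % target)
        raise
    with os.fdopen(fd, "wb") as f:
        # The mode passed to os.open only applies to new files, so clear
        # the x bits explicitly in case the file already existed.
        os.fchmod(f.fileno(), 0o600)
        f.write(data)
    return target
```

The name check alone is not enough: without `O_NOFOLLOW`, a name that passes it could still be a symlink leading out of the allowed directory.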


