[plug] Optus at Home is secure... joking, of course

[Christian]

On Wed, May 31, 2000 at 10:34:18AM +0800, Leon Brooks wrote:
> 
> Perhapos after it's been "sandboxed" like tclplugin? E.g., only run
> executables from a specific list, don't allow slashes or leading dots in
> filenames, only allow connects to certain hosts (if at all) and writes
> to certain places such as ~/tmp/ or the original sheet name/dir, and/or
> force written files to have a "harmless" extension, axe the x bits on
> all files written, etc.

Breaking a sandbox is mostly just a matter of waiting for an
implementation bug.  The design may be secure, the implementation
(almost) invariably isn't.

> Even so, the security hole opened by any user-run script on Linux is not
> a wide one, and any competent sysadmin treats his users as fundamentally
> hostile to start with. Even the wiser class of users can do this to
> themselves: install Mandrake at security level "paranoid" and a trojan
> couldn't do much more than scratch itself. To give you some idea of how
> paranoid "paranoid" actually is, you have to add any user that wants to
> run X to the group "xgrp", and tab-completion of commands doesn't work
> because anything in any system directory (including the directory
> itself) that doesn't have to be readable or executable is not marked r
> or x.

Getting local user privileges on a Linux box is typically a very short
hop away from root.  I'd be willing to bet that the majority of "secure"
Linux boxes are only secure if an attacker doesn't have local access.
Is there any documentation available on Mandrake's "paranoid security
level"?  I'd be interested to find out exactly what this involves.

As for earlier comparisons of Windows 9x and Linux security... arguably
Windows in it's default state is more secure than most Linux
distributions in their default states.  The security only starts to
balance up as you put a user in front of both machines.

Regards,

Christian.