[4782] in WWW Security List Archive


Re: Why do you think you can trust PC software? (was Re: Latest

daemon@ATHENA.MIT.EDU (Stephen Anderson)
Wed Mar 12 08:48:58 1997

To: WWW-SECURITY@ns2.rutgers.edu
In-reply-to: Your message of "Tue, 11 Mar 1997 09:40:49 PST."
             <9703110940.ZM1352@solo.dc3.com> 
Date: Wed, 12 Mar 1997 11:12:42 +0000
From: Stephen Anderson <stephen@planet.net.uk>
Errors-To: owner-www-security@ns2.rutgers.edu

> > That being the case, doesn't it just turn the issue around and scream,
> > "Hey!  *All* programs should be running in appropriately sized sandboxes,
> > with access only to that functionality which they should rightfully need."
> 
> They do. It's called an operating system. The assertion is your login, the 
> capabilities you get depend on who you are and what the system admins grant 
> you.

Unfortunately, Windows 3.11/95 machines (by default) don't offer a 
sensible level of access restriction. Even the things you can make them do 
are fairly limited, and joe user does not understand security. I wouldn't 
expect them to.
You can easily argue that they shouldn't have to.

Even on systems that offer this kind of access restriction, it's far too 
rough-grained. Obviously, you want to be able to use ls/dir throughout your 
entire hierarchy, but do you want to give a Java Applet a similar right to 
discover what it likes about your personal file structure? I would have 
thought not, but without *some* access to the file structure, Java 
becomes little more than a toy for most people.

Lest you think I'm missing your point, this goes beyond the limited 
domain of Java. People download binaries every day, and run them under 
the assumption that they aren't hostile. This is a patently flawed 
assumption. Sure user-level access rights restrict the damage to just one 
user's area, but that could still cause a lot of damage.

Security by its nature is a paranoid business, and the only sensible 
approach to take is "trust no-one (unless I explicitly say so)".


--
Stephen Anderson                  Stephen.Anderson@planet.net.uk
Planet Online : The White House      | Tel : +44 (0) 113 2345566
Melbourne Street, Leeds LS2 7PS UK.  | Fax : +44 (0) 113 2345656
 "Watashi ni yo ga nakunattara sumiyakani hakaba e mairimasu."
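The distinction the message draws, between a login-based OS model where a program inherits everything the user may read and a per-program, default-deny grant ("trust no-one unless I explicitly say so"), is easy to show in code. The following is an added example and is not code from the original post, from Java's applet sandbox, or from any named product; the `FilePolicy` class, its `grant`/`check`/`open` methods and the temporary directory layout in `demo()` are all assumptions made for illustration. It canonicalises paths before checking them so that `..` segments and symlinks inside the granted directory cannot be used to reach outside it.

```python
"""Per-program, default-deny filesystem policy (added example; the API and
directory layout are assumptions, not from the original message)."""
import os
import tempfile


class PolicyViolation(PermissionError):
    """Raised when an operation was not explicitly granted."""


class FilePolicy:
    """Allowlist of (canonical directory, set of operations).

    Anything not explicitly granted is denied, which inverts the usual
    login-based model where a program may read the user's whole tree.
    """

    def __init__(self):
        self._grants = []  # list of (canonical_dir, frozenset(ops))

    def grant(self, directory, ops):
        # Store the resolved directory so later comparisons are apples-to-apples.
        self._grants.append((os.path.realpath(directory), frozenset(ops)))

    def check(self, path, op):
        # Resolve '..' and symlinks first; compare against the resolved grant,
        # never against the string the caller supplied.
        canon = os.path.realpath(path)
        for root, ops in self._grants:
            inside = canon == root or canon.startswith(root + os.sep)
            if op in ops and inside:
                return canon
        raise PolicyViolation(f"{op} on {path!r} not granted")

    def open(self, path, mode="r"):
        op = "write" if any(c in mode for c in "wa+") else "read"
        return open(self.check(path, op), mode)


def demo():
    """Constructed scenario: a 'sandbox' dir the program is granted, and a
    'private' dir it is not. Returns what the policy allowed or denied."""
    base = tempfile.mkdtemp()
    sandbox = os.path.join(base, "sandbox")
    private = os.path.join(base, "private")
    os.makedirs(sandbox)
    os.makedirs(private)
    with open(os.path.join(private, "secret.txt"), "w") as f:
        f.write("not for untrusted code\n")
    # A symlink inside the granted tree that points outside it.
    os.symlink(private, os.path.join(sandbox, "escape"))

    policy = FilePolicy()
    policy.grant(sandbox, {"read", "write"})

    results = {}
    with policy.open(os.path.join(sandbox, "scratch.txt"), "w") as f:
        f.write("ok\n")
    results["inside_write"] = True

    attempts = {
        "traversal": os.path.join(sandbox, "..", "private", "secret.txt"),
        "symlink": os.path.join(sandbox, "escape", "secret.txt"),
        "direct": os.path.join(private, "secret.txt"),
    }
    for label, path in attempts.items():
        try:
            with policy.open(path) as f:
                f.read()
            results[label] = "allowed"
        except PolicyViolation:
            results[label] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
```

The important design choice is that the grant is checked on the resolved path, not on the path string: a plain prefix comparison on the caller's string would pass both the `..` and the symlink cases above. Real sandboxes also have to cope with races between the check and the open; this sketch ignores that and exists only to show the grant model.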