| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Feb 2004 17:11:06 +1100 (Australia/ACT) From: Darren Reed <avalon@...igula.anu.edu.au> To: mouse@...ents.Montreal.QC.CA (der Mouse) Cc: bugtraq@...urityfocus.com Subject: Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer In some mail from der Mouse, sie said: > > > Signed applications and signed DLLs and signed drivers [...] coming > > to a Unix near you SOONER rather than later. > > > Or is that the kind of thing you disable upon installation because it > > gets in the way of you being able to install whatever "you" want ? > > Depends. Does it include the tools necessary to sign my own code? Not with the same key that signs software provided by the OS supplier, that's for sure. Maybe not even at all. > If not, yes, I will disable it, to the point of running a different OS > if necessary. So you will disable a function that provides you with a trusted, secure, computing base because you cannot sign things yourself ? Are you really trying to run a secure environment or one that you think you can control yourself ? Do you see what I consider to be the obvious flaw in your statement here and that is you would prefer to use a less secure system because you seem to think that you are trustworthy. How does anyone know that you're not a virus/worm writer ? Do we just have to take your word for it ? The idea behind TCB moves that consider the user "hostile" is not without merit. Sooner or later, arguments that "I must do be in complete control and be able to do everything myself" are going to be considered laughable. Let me give you a hypothetical situation... Some time from now, all major commercial OS's come with signed binaries, libraries, etc and there's a major virus outbreak. How does the virus manage to get executed everywhere? Well, it's not a trusted application, for starters. (If it were then the signature would provide the start of an audit trail for someone to blame.) One reaction might be that government says you are not allowed to network, either directly or indirectly, computers that allow unsigned applications to run on them. Now what are you going to do ? Disconnect your computer or argue that you cannot trust the manufacturers and can only trust the programs you compile yourself ? And that of course begs the question, why should the rest of the world be expected to trust you ? Are you going to be in a position where you can afford the kind of liability insurance required to be a trusted source of computer applications ? Yes, this sort of requirement may well and truely be the death of shareware programs. It's been rumoured that the successor to XP will be incompatible in a significant way such that old applications will not run. What if this kind of platform was part of it and the Microsoft idea of solving the virus problem is to disallow execution of untrusted applications, by default, without so much as a prompt to ask a user yes or no, rendering all prior applications incompatible ? Well, maybe that is hoping for too much. I suppose to summarise, I see it something like this: - people want applications to be able to provide extra value by running scripts, binaries, easily, etc; - worms exploit desired featurisms by exploiting people and should be considered to be hostile/untrusted applications; - by building up a proper TCB we eliminate execution of worms whilst letting people continue to do what they want. Darren
Powered by blists - more mailing lists