| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Mar 2005 08:45:49 -0800 From: "David Gillett" <gillettdavid@...a.edu> To: <jasonc@...ence.org>, <jericho@...rition.org> Cc: sberinato@....com, full-disclosure@...ts.grok.org.uk, isn@....org, bugtraq@...urityfocus.com Subject: RE: [ISN] How To Save The Internet Jason Coombs [mailto:jasonc@...ence.org] writes: <snip> > ... the core problem with computer > security is that our CPUs make no effort to restrict the execution of > machine code to that very small subset of all possible machine code > which constitutes the code that the owner of the CPU desires > it to run. <snip> > If anyone really cared about solving this core security problem with > computing today, it would be solved in just a few months. Just one of the myriad of security issues that we're grappling with are the various rights of the owner of the CPU, the *operator* of the CPU, and the owner of the *data*, each of whom may have a more or less legitimate say in what code actually gets executed. Far too many folks have already "solved" this problem incorrectly for me to believe that the "just a few months" solution you envisage will actually be correct. David Gillett _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists