lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20070319202929.GJ20066@randombit.net>
Date: Mon, 19 Mar 2007 16:29:29 -0400
From: Jack Lloyd <lloyd@...dombit.net>
To: bugtraq@...urityfocus.com
Subject: Re: Your Opinion

On Fri, Mar 16, 2007 at 02:44:07PM -0600, Neil Dickey wrote:

> Even an absolutely secure operating environment ( OS +security programs )
> can be compromised by a user who is ignorant or malicious, or by third-
> party software which is poorly made.

Perhaps I'm misinterpreting your words, but I read this as a statement
that no operating system can be secure against local attackers. While
possibly true, I feel like it's a rather pessimistic view of the
situation. Though I do agree that most if not all commercially
available operating systems are in this state; I just don't that it is
intrinsic to the definition of an OS.

The state of commercial OS security has not been helped much by the
fact that most 'secure' OS designs were written to provide Orange
Book-style MLS (since historically that is where the money has been
for a secure OS design), which provides security features which are
for the most part useless outside of a military environment. The only
real exceptions that come to mind are the hardened Unix systems
(OpenBSD, grsec, etc) which are still stuck with a historical Unix
security model that gives local attackers (or negligent users) a lot
of rope to hang themselves and/or others. (There are of course
research systems that provide much better security models, but aren't
really usable as general purpose OSes).

-Jack

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ