RE: [Asrg] Viruses
> From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
> ...
> The only O/S security feature I am aware of that is relevant in this
> regard is the VMS fine grained privileges that allowed processes to
> be created that did not have network access or did not have file
> access.
>
> There is a similar feature set in Windows NT but the applications
> appear to be unaware of the reason it should be used.
>
> I am unaware of any equivalent system in the UNIX world, chroot is
> not equivalent. The .NET framework has reinstated the concept of fine
> grained privs but it will take many years for them to be used by
> applications.
>
> Finger pointing is rarely a good guide to good security practice.
> I remember the time when people doubted unix would get anywhere
> because of its notorious security problems and weak security
> architecture, it does not seem to have had the predicted effect.

Many UNIX flavors have extremely fine grained privileges. I've been
told by people who dealt with the U.S. Dept. of Defense's tests that
full-up mandatory access controls are unavoidable. That might be why
many and probably most commercial UNIX flavors have (or at least had)
MAC available. They also tend to have elaborate privilege inheritance
mechanisms. E.g., for inetd to be able to open the sockets it needs,
it must not only be running as root, but started by a process that
has the rights to open those sockets and that explicitly passes those
rights during the fork(). Such stuff makes for a lot of bug-prone
noise in control files, and elsewhere, and so it's generally disabled
and suppressed for commercial customers. It's been more than 5 years
since I was employed by a UNIX vendor that offered this gunk.

I think a fundamental security principle is that the operating system
cannot entirely trust applications to do the right things. Ignoring
this principle was the foundation of the first 10 or 15 years of
Microsoft security holes, where Microsoft thought or claimed that a
primitive program loader and some utility routines was an "operating
system." But yes, the ancient Burroughs system could be seen as an
existence proof to the contrary.

Perhaps in theory and certainly in press releases .NET is secure.
The history of other absolutely, provably secure mechanisms from
Redmond including ActiveX urges skepticism.

What does any of this have to do with spam in general or the ASRG?
That viruses and worms can be used to pump spam from Microsoft systems
doesn't seem much different from the fact that a lot of spam is pumped
through open-by-default proxy programs. The spam looks the same.

Vernon Schryver vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg