Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd
From: jjg () LUCENT COM (Jim Greene)
Date: Tue, 21 Jul 1998 17:30:18 EDT
From: Allanah Myles <dossy () PANOPTIC COM> On 1998.07.20, Brett Lymn <blymn () BAEA COM AU> wrote:A sufficiently determined programmer can write crap code despite the language.This is the key issue with the inherent security problems. The collolary to this statement is "better tools allow bad programs to implement bad designs faster." Using "better tools" as others seem to suggest will *not* gain us any more "security" than we already have, if we don't also change the quality of programmers.
You have misread the statement you quoted. It read, "sufficiently determined", not "incompetent", in reference to programmers. The two types of programmers are vastly different in abilities, one would imagine. The correct corollary (not collolary) to this statement would then be "better tools allow sufficiently determined programmers to implement bad designs faster". Try and stop a sufficiently determined programmer sometime. Your statement that better tools will not gain us more security is wrong. To give a non-technical analogy so you can understand the situation, I will give three similar sentences. If you cannot see the similarities, you are sufficiently determined to ignore the issues. 1) The training wheels on a child's bicycle help keep him/her from falling down when learning to ride. 2) My 6-foot fence keeps my neighbor's crazy pitbull out of my yard. 3) Bounds checking on array accesses eliminates one class of careless buffer overflows.
Why in god's name should a mail system require system-wide root privilages? As a normal user, I should be able to manipulate my own mailbox. Why shouldn't the agent through which I manipulate my own mailbox run, from start to finish, with no more privilages than my own user?
Why ask ridiculous questions? Why invoke melodramatic phrases like "Why in god's name..." when it is obvious that a remote mail server, working with UNIX filesystem privileges (not privilages!), _must_ run at an elevated state in order to access files or at least switch to another user's ID? I believe you don't understand the very important different between a local user and a remote user.
"Tools don't produce bad software. Bad designers produce bad designs from which bad software is implemented."
You address the bugtraq readers as if they are morons. Please stop.
In developing new "secure systems," we should spend less time *securing* already existing insecure systems, in the hopes of deluding ourselves that they have somehow become "secure" (when we know we can never prove such a thing). We should instead focus our energies on designing software systems where the threat-level is as minimal as possible.
You demand that we have no faith in the systems that many have been working (with varying levels of success) to secure, and then point over the hill at the promised land: The Software That Was Designed Correctly. This is the viewpoint of the theoretical student, the armchair warrior, and the barstool philosopher. Nothing will ever be perfect. Security is the limit as danger approaches zero.
[...] why does a tool like "rm" exist? Yes, in the wrong hands, "rm" can be very devastating. But, without necessary privilages, the scope of the damage is much smaller. So, design tools that do not require unnecessary privilages, and focus on preventing unauthorized gain of those privilages.
You argue with one face that to use better tools is ineffective, and then your other face argues that we should build better tools to use. Which of your faces is one to believe?
Well, then, if you want a secure system, be prepared to build one---from scratch, if need be.
Nihilist, be gone! You may only return with this argument when _you_ have built the Perfectly Secure System From Scratch.
Perhaps even the existing notion of UNIX-based privilages is insufficient for any real security - design a better model, and implement it. Don't complain about the tools people choose to use, as changing those won't improve security, they'll just give us new types of security problems to find. - -Dossy
You have complained and told us not to complain. You have told us all is bad and we must not use it, but offered nothing that is good. You have told us to change what we have for security, then told us it is impossible to change due to security. Your arguments all turn on each other like a pack of rabid dogs. You offer only confusion and annoyance. --Jim
Current thread:
- Re: EMERGENCY: new remote root exploit in UW imapd, (continued)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd matt (Jul 17)
- Re: EMERGENCY: new remote root exploit in UW imapd Niall Smart (Jul 17)
- Bounds checking - historical aside Russell Fulton (Jul 20)
- Re: Bounds checking - historical aside Brett Glass (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Alex Belits (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Bounds checking - historical aside Russell Fulton (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Allen Smith (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Allanah Myles (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Dave Andersen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Jim Greene (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Peter Jeremy (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd IBS / Andre Oppermann (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd Adam Shostack (Jul 23)
- Security Bulletins Digest vtmue () HEAVEN RUF UNI-FREIBURG DE (Jul 23)
- Apache 1.3.1 Released! Aleph One (Jul 23)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd Alex Le Heux (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd D. J. Bernstein (Jul 28)
- Re: EMERGENCY: new remote root exploit in UW imapd der Mouse (Jul 28)
- Object tag crashes Internet Explorer 4.0 Georgi Guninski (Jul 28)
(Thread continues...)