Secure Coding mailing list archives
4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: mouse at Rodents.Montreal.QC.CA (der Mouse)
Date: Fri, 7 Apr 2006 12:53:38 -0400 (EDT)
If an application is a File Compression utility, then there is no reason why it should have access to the TCP stack.
The problem then, is how to prevent an unprivileged user from setting up a File Compression utility to access TCP and establish a port to which an incoming connection can be made without authentication.
The problem is worse than that. The problem becomes one of identifying whether a particular program is something that should or shouldn't have access to the TCP stack - or, more likely, which of several grades of access it should have.

For example, on a typical Unix variant, there are no file compression utilities; there are compression utilities which can be used to compress files, but which can also be used to, say, take data from a network connection, compress it, and send it back out that connection in the other direction. As such, they need to have access to send and receive data over established TCP streams. But then there are programs such as netcat, which to do their job need to be able to set up listening endpoints and initiate connections.

The problem becomes one of telling the difference. You need to either forbid users from running un-vetted executables they provide (whether locally compiled or not is irrelevant) or you need to trust them to accurately state what level of access they need to the network. The latter is highly error-prone - just look at how many users routinely run with admin privilege under Windows - and the former will garner your OS widespread rejection (even if it does gain a sliver of acceptance from those who (a) understand the security principles involved and (b) want to run a shop that tight).

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse at rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
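The "established streams only" grade described in the message above can be enforced by the kernel rather than declared by the user. The following is an added example, not part of the original post: it assumes Linux with seccomp strict mode, `run_confined` is a hypothetical helper, and the XOR loop is a stand-in for real compression.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the post). The child inherits one end of an
 * already-established stream, then enters Linux seccomp strict mode, which
 * leaves only read, write, exit and sigreturn. If wants_new_socket is set it
 * then asks for a new endpoint, as a netcat-like tool would.
 * Returns 0: child filtered the stream; 1: kernel killed it; -1: setup error. */
int run_confined(int wants_new_socket) {
    int sv[2], status;
    char buf[64];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(sv[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(2);                                 /* seccomp not available */
        if (wants_new_socket)
            (void)socket(AF_INET, SOCK_STREAM, 0);    /* denied: SIGKILL here */
        ssize_t n = read(sv[1], buf, sizeof buf);     /* allowed: inherited fd */
        for (ssize_t i = 0; i < n; i++)
            buf[i] ^= 0x20;                           /* stand-in for compression */
        if (n > 0) n = write(sv[1], buf, (size_t)n);
        syscall(SYS_exit, 0);    /* raw exit; glibc _exit() calls exit_group */
    }
    close(sv[1]);
    send(sv[0], "hello", 5, MSG_NOSIGNAL);            /* constructed sample input */
    ssize_t got = recv(sv[0], buf, sizeof buf, 0);    /* EOF or error if child died */
    waitpid(pid, &status, 0);
    close(sv[0]);
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0 && got == 5 && buf[0] == 'H')
        return 0;
    return -1;
}

int main(void) {
    printf("stream filter: %d\n", run_confined(0));
    printf("wants new socket: %d\n", run_confined(1));
    return 0;
}
```

The same binary works as a filter over a descriptor it was handed and is killed the moment it tries to create an endpoint of its own, so the grade is set by whoever launches the program, not by what the program claims about itself.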