Secure Coding mailing list archives
Software Assist to Find Least Privilege
From: coley at linus.mitre.org (Steven M. Christey)
Date: Tue, 25 Nov 2008 12:56:58 -0500 (EST)
On Tue, 25 Nov 2008, Mark Rockman wrote:
Assuming this is repeated for every use case, the resulting reports would be a very good guide to how CAS settings should be established for production. Of course, every time the program is changed in any way, the process would have to be repeated.
Better - and absolutely unachievable any time soon - would be for the application itself to more explicitly state what its requirements of the OS are, and what its intended behaviors are. Kind of like SELinux but simpler. More easily said than done, but until we develop richer models for representing what an application's legitimate behaviors are, then automated detection of these types of issues is likely to be difficult.

- Steve