Email Clients and digital signatures

Joseph Bruni
Sat Jul 5 22:14:02 2003

Excellent write-up, Neil. You neglected to mention (mostly due to space 
considerations? ;) ) the various holes in Outlook provided by Windows 
Media Player, also.

I would like to point out that at least in OS X, the root account is 
completely disabled by default. There is an "admin" group, but as you 
probably know, no mere group has root access. It is not at all like the 
Administrator group in NT. Instead, members of the "admin" group are 
allowed to authenticate in order to do temporary root things. Sort of 
like what sudo provides for the command line. Programmers are required 
to use the standard authentication API in order to achieve this 
functionality. I'm not sure how it works, but unlike sudo, programs do 
not need to be set-uid-root for this to work. (I really must research 
how they do this.) Because of this, even when logged in as an 
administrator, one is unable to manipulate any of the system files, 
just as you described.

Apple (as are the other BSDs) is working towards minimizing the number 
of set-uid-root programs. Indeed, the gpg executable does not need to 
be set-uid-root on OS X in order to wire down memory pages (there is a 
fixed limit on the number of pages a non-root process can wire down). I 
imagine other Unixes would benefit by having this feature as well.

To be fair, Microsoft has been getting better on security, but only 
because of constant pressure against their bottom line from the 
alternatives. They still have quite some distance to go, however.

On Saturday, July 5, 2003, at 11:49 AM, Neil Williams wrote:

> Unix/Linux realise that not all users can be trusted not to do this - least of
> all automated tasks running in what should be the 'user' environment. When
> running Linux as an ordinary user (99.9999% of the time), I cannot delete
> anything except what is in my own user space. I cannot overwrite system
> files, I cannot amend or add to system settings. I cannot run programs that
> have the authority to change any of these things.
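The point above about gpg wiring down key pages without being set-uid-root, as an added illustration that is not from this thread or from the GnuPG sources: an unprivileged process asks the kernel for RLIMIT_MEMLOCK, wires a small key buffer with mlock() only when it fits that budget, and wipes the buffer before freeing it. The struct and function names are invented for the example; it assumes a POSIX system with mlock() and RLIMIT_MEMLOCK.

```c
#define _DEFAULT_SOURCE 1
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

struct secret_buf {
    unsigned char *p;   /* page-aligned key material */
    size_t len;
    int locked;         /* 1 if mlock() succeeded, 0 if we fell back to unlocked memory */
};

/* Bytes this process may wire under RLIMIT_MEMLOCK; -1 means unlimited. */
long memlock_budget(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return 0;                               /* cannot ask: assume no budget */
    if (rl.rlim_cur == RLIM_INFINITY)
        return -1;
    return rl.rlim_cur > (rlim_t)LONG_MAX ? LONG_MAX : (long)rl.rlim_cur;
}

/* The kernel charges whole pages, so round the request up before comparing. */
int fits_memlock_budget(size_t len)
{
    long budget = memlock_budget();
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t charged = (len + page - 1) / page * page;
    return budget < 0 || charged <= (size_t)budget;
}

/* Allocate a zeroed, page-aligned buffer and wire it if the budget allows.
   Returns 0 on success (locked or not), -1 if allocation failed. */
int secret_alloc(struct secret_buf *b, size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->p = NULL; b->len = len; b->locked = 0;
    if (posix_memalign((void **)&b->p, page, len) != 0)
        return -1;
    memset(b->p, 0, len);
    /* Over budget mlock() fails with ENOMEM/EPERM; no root needed when within it. */
    if (fits_memlock_budget(len) && mlock(b->p, len) == 0)
        b->locked = 1;
    return 0;
}

/* Wipe before release so a reused page never carries old key bytes. */
void secret_free(struct secret_buf *b)
{
    if (b->p) {
        volatile unsigned char *v = b->p;  /* volatile: the compiler may not drop the wipe */
        for (size_t i = 0; i < b->len; i++) v[i] = 0;
        if (b->locked) munlock(b->p, b->len);
        free(b->p);
    }
    b->p = NULL; b->len = 0; b->locked = 0;
}
```

Whether `locked` ends up 1 depends on the caller's RLIMIT_MEMLOCK (`ulimit -l`), which is exactly the per-process ceiling the post describes.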