Email Clients and digital signatures
Joseph Bruni
jbruni@mac.com
Sat Jul 5 22:14:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Excellent write-up, Neil. You neglected to mention (mostly due to space
considerations? ;) ) the various holes in Outlook provided by Windows
Media Player, also.
I would like to point out that at least in OS X, the root account is
completely disabled by default. There is an "admin" group, but as you
probably know, no mere group has root access. It is not at all like the
Administrator group in NT. Instead, members of the "admin" group are
allowed to authenticate in order to do temporary root things. Sort of
like what sudo provides for the command line. Programmers are required
to use the standard authentication API in order to achieve this
functionality. I'm not sure how it works, but unlike sudo, programs do
not need to be set-uid-root for this to work. (I really must research
how they do this.) Because of this, even when logged in as an
administrator, one is unable to manipulate any of the system files,
just as you described.
Apple (as are the other BSDs) is working towards minimizing the number
of set-uid-root programs. Indeed, the gpg executable does not need to
be set-uid-root on OS X in order to wire down memory pages (there is a
fixed limit on the number of pages a non-root process can wire down). I
imagine other Unixes would benefit by having this feature as well.
To be fair, Microsoft has been getting better on security, but only
because of constant pressure against their bottom line from the
alternatives. They still have quite some distance to go, however.
On Saturday, July 5, 2003, at 11:49 AM, Neil Williams wrote:
> Unix/Linux realise that not all users can be trusted not to do this -
> least of all automated tasks running in what should be the 'user'
> environment. When running Linux as an ordinary user (99.9999% of the
> time), I cannot delete anything except what is in my own user space. I
> cannot overwrite system files, I cannot amend or add to system settings.
> I cannot run programs that have the authority to change any of these
> things.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)
iEYEARECAAYFAj8HMdEACgkQ4rg/mXNDweO6VACgvEIFuPv+JB95Ha4BktlIGdYX
XKEAnj8ZlthQFtEnoFxTC9ahSW9enjJO
=aL9l
-----END PGP SIGNATURE-----
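The point Joseph makes about gpg no longer needing to be set-uid-root to wire down memory pages is worth seeing in code. The following program is an added illustration, not GnuPG's own secure-memory code and not from the list thread: it uses the POSIX mlock(2) call and the RLIMIT_MEMLOCK resource limit, which is how both Linux and OS X expose the per-process cap on how much a non-root process may wire. The buffer contents, the 4096-byte size and the helper names (`lock_secret_buffer`, `release_secret_buffer`, `fits_memlock_limit`) are constructed for the example. It shows the two outcomes a key-handling program has to distinguish: the request fits under the cap and the secret is pinned in RAM, or it exceeds the cap and the program must refuse rather than silently keep the secret in swappable memory.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Outcome of an attempt to pin secret material in RAM. */
enum lock_result {
    LOCK_OK = 0,         /* pages are wired; the kernel will not swap them out */
    LOCK_OVER_LIMIT = 1, /* request exceeds what a non-root process may wire */
    LOCK_FAILED = 2      /* allocation or other unexpected error */
};

/* Pure policy check: does a request of `len` bytes fit under the soft
   RLIMIT_MEMLOCK value `cur`? RLIM_INFINITY means "no cap" (root, or an
   administrator who raised the limit). */
static int fits_memlock_limit(size_t len, rlim_t cur) {
    if (cur == RLIM_INFINITY) return 1;
    return (uint64_t)len <= (uint64_t)cur;
}

/* Current soft limit; 0 ("cannot lock anything") if getrlimit fails. */
static rlim_t current_memlock_limit(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) return 0;
    return rl.rlim_cur;
}

/* Allocate `len` bytes (page aligned) and wire them with mlock(2) so they are
   never paged to disk. On success *out holds the buffer and LOCK_OK is
   returned; on either failure code *out is NULL and nothing is leaked. */
static enum lock_result lock_secret_buffer(size_t len, unsigned char **out) {
    *out = NULL;
    if (len == 0) return LOCK_FAILED;
    if (!fits_memlock_limit(len, current_memlock_limit())) return LOCK_OVER_LIMIT;

    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return LOCK_FAILED;
    void *p = NULL;
    if (posix_memalign(&p, (size_t)page, len) != 0) return LOCK_FAILED;

    if (mlock(p, len) != 0) {
        /* ENOMEM/EAGAIN: over the per-process cap (pages locked elsewhere in
           the process count too); EPERM: cap is zero and we lack privilege. */
        int e = errno;
        free(p);
        return (e == ENOMEM || e == EAGAIN || e == EPERM) ? LOCK_OVER_LIMIT
                                                           : LOCK_FAILED;
    }
    *out = (unsigned char *)p;
    return LOCK_OK;
}

/* Zero the secret before unlocking, then release. Wiping first matters: once
   unlocked, the pages could be swapped out with the secret still in them. */
static void release_secret_buffer(unsigned char *buf, size_t len) {
    if (buf == NULL) return;
    volatile unsigned char *v = buf;
    for (size_t i = 0; i < len; i++) v[i] = 0;
    munlock(buf, len);
    free(buf);
}

/* Self-check: lock `len` bytes, verify the result/pointer invariant, release.
   Returns 1 when the API behaved consistently for this process's limit. */
static int lock_roundtrip_consistent(size_t len) {
    unsigned char *p = (unsigned char *)1; /* sentinel: must be reset */
    enum lock_result r = lock_secret_buffer(len, &p);
    int ok = (r == LOCK_OK) ? (p != NULL) : (p == NULL);
    release_secret_buffer(p, len);
    return ok;
}

int main(void) {
    rlim_t cur = current_memlock_limit();
    if (cur == RLIM_INFINITY)
        printf("RLIMIT_MEMLOCK: unlimited\n");
    else
        printf("RLIMIT_MEMLOCK: %llu bytes\n", (unsigned long long)cur);

    unsigned char *key = NULL;
    size_t len = 4096; /* one page: constructed stand-in for a private key */
    enum lock_result r = lock_secret_buffer(len, &key);
    if (r == LOCK_OK) {
        memset(key, 0x42, len); /* constructed filler, not real key material */
        printf("wired %zu bytes without root\n", len);
        release_secret_buffer(key, len);
    } else if (r == LOCK_OVER_LIMIT) {
        printf("request exceeds the non-root wiring cap; refusing to keep the "
               "secret in swappable memory\n");
    } else {
        printf("unexpected failure while wiring memory\n");
    }
    return r == LOCK_FAILED ? 1 : 0;
}
```

Run it as an ordinary user and again after lowering the limit (`ulimit -l 0` in a shell) to see the refusal path; the program never falls back to unlocked memory, which is the property that matters when the alternative is a private key landing in swap.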