OT Off-topic Was:Email Clients and digital signatures

Neil Williams linux@codehelp.co.uk
Sun Jul 6 01:29:04 2003


OK, this thread is now so far off-topic I'll make this my last contribution.

On Saturday 05 Jul 2003 9:15 pm, Joseph Bruni wrote:
> Excellent write-up, Neil. You neglected to mention (mostly due to space
> considerations? ;) ) the various holes in Outlook provided by Windows
> Media Player, also.

Not really space, more constant uninstallation of WMP itself - I never liked
WMP and so I binned it every time. I was lucky that I didn't have to install
recent editions of WMP and the ones I did have I didn't need so, sometimes
breaking Windows in the process, I took a brute force route to uninstalling
WMP and WSE. (WinME is a real pain with WSE. "Microsoft knows best so let
mammy silently reinstall WSE" despite the efforts of the user to prevent
exactly that. Finally I beat it into a numbing submission by creating a text
file with exactly the same number of bytes as the exe, renaming it exe,
making it read-only and using Linux to move it onto the Windows partition
instead of the 'real' executable. Nasty certainly, crude maybe, but vicious.

It certainly pays to know the OS from the inside - learn to program in DOS and
you get a whole new understanding of what is meant by a Windows
vulnerability. It isn't anything superficial, it's not a blemish, it isn't
minor. It means that your CPU registers (the only thing between your precious
RAM and the bit bucket) are wide open to any other process that cares to li…
a few lines of assembly code and take a peek. Windows opens the door and just
says "come on in, I don't care who you are". A few jump and mv statements and
hey presto, a low-level format of the first hard drive is in progress. Ooops.

When you see a vulnerability/security alert that mentions 'the
intruder/program/bug etc. could run arbitrary code' it doesn't mean a quick
game of Solitaire.

It really is that easy - the reason it isn't happening all the time is that
the potential perpetrators have lost interest in trashing individual systems.
That's left to those who have a personal reason for targeted revenge (usually
targeted at the backup server). The interest is in distributed attacks -
keeping your machine running their nice Trojan. You keep going, oblivious to
the chaos your infected machine is creating across the rest of the network.
(A DDoS, distributed denial of service).

I gave up using Windows for email within 2 hours of installing my first ever
Linux distro. Simply installed Mozilla, deleted all accounts from OE and
blocked IE/OE/Explorer/WindowsBackdate from ever contacting the internet
again using ZoneAlarm. I take the same approach with all Windows components.
I know what is best for my systems and there is nothing BG can do to stop me
having what I want. He tries, my my how he tries. But he just doesn't count
on low-level read-write access from Linux.

> I would like to point out that at least in OS X, the root account is
> completely disabled by default. There is an "admin" group, but as you
> probably know, no mere group has root access. It is not at all like the
> Administrator group in NT. Instead, members of the "admin" group are
> allowed to authenticate in order to do temporary root things.

Mac OS X is one environment I am still waiting to try - it's the hardware cost
that is stopping me at the mo. (But if it was available for PC, it'd be very
similar to existing Linux distributions anyway, so a port looks unlikely!)

Mandrake Linux is moving in a similar direction, not disabling but hiding root
from login and displaying dire warnings when you do find it. It's a good idea
too, the installation routines are getting better and better. There is less
and less post-install configuration needed and therefore less need for root
to have GUI login access in the first place. Root users should know enough
about what they are doing to not need graphical tools.

> functionality. I'm not sure how it works, but unlike sudo, programs do
> not need to be set-uid-root for this to work. (I really must research
> how they do this.) Because of this, even when logged in as an
> administrator, one is unable to manipulate any of the system files,
> just as you described.

There is presumably some implementation of suid in the kernel. Not being able
to set a program suid individually is a bit of a restriction - leaving the
admin at the mercy of whoever writes the package installer.
You put restrictions on this admin at your own peril!

> Apple (as are the other BSDs) are working towards minimizing the number
> of set-uid-root programs. Indeed, the gpg executable does not need to
> be set-uid-root on OS X in order to wire down memory pages (there is a
> fixed limit on the number of pages a non-root process can wire down). I
> imagine other Unixes would benefit by having this feature as well.

One of the first lock-down procedures on any new Linux server is to find out
how many suid programs are around and reduce the figure pronto. For desktop
systems behind a decent firewall it's less urgent.

> To be fair, Microsoft has been getting better on security, but only
> because of constant pressure against their bottom line from the
> alternatives. They still have quite some distance to go, however.

Better is a relative term.


Neil Williams

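One way to carry out the suid lock-down Neil describes above (find the setuid/setgid programs on a fresh system, keep the list as a baseline, and flag anything a later package installer adds), as an added example that is not part of the original thread; the directory tree, file names and baseline path it uses are constructed for the demo, not taken from a real system:

```shell
#!/bin/sh
# Added example, not from the original post: enumerate setuid/setgid
# files under a root directory and diff the list against a saved
# baseline so that a newly dropped privileged binary stands out.
export LC_ALL=C   # consistent sort order for find | sort and comm

# List setuid or setgid regular files under $1, one path per line, sorted.
# -xdev keeps the scan on one filesystem; errors (unreadable dirs) are dropped.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print paths that are setuid/setgid now but absent from baseline file $2.
# comm -13 prints only lines unique to the second input (the live scan).
new_suid() {
    list_suid "$1" | comm -13 "$2" -
}

# Self-contained demo on a constructed tree (hypothetical paths, not a real OS).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin" "$tmp/usr/bin"
    : > "$tmp/bin/ping";     chmod 4755 "$tmp/bin/ping"      # expected setuid
    : > "$tmp/usr/bin/wall"; chmod 2755 "$tmp/usr/bin/wall"  # expected setgid
    : > "$tmp/usr/bin/cat";  chmod 0755 "$tmp/usr/bin/cat"   # ordinary binary
    list_suid "$tmp" > "$tmp/baseline.txt"                    # record the known-good set
    # Simulate a package installer later dropping a new setuid helper.
    : > "$tmp/usr/bin/helper"; chmod 4755 "$tmp/usr/bin/helper"
    new_suid "$tmp" "$tmp/baseline.txt"                       # prints only the newcomer
    rm -rf "$tmp"
}
```

Run `demo` to see the one unexpected path; on a real host you would run `list_suid /` once after install, keep the output somewhere read-only, and schedule `new_suid / baseline.txt` to report additions.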