OT Off-topic Was: Email Clients and digital signatures

Neil Williams linux@codehelp.co.uk
Sun Jul 6 01:29:04 2003



OK, this thread is now so far off-topic I'll make this my last contribution.
Honest!

On Saturday 05 Jul 2003 9:15 pm, Joseph Bruni wrote:
> Excellent write-up, Neil. You neglected to mention (mostly due to space
> considerations? ;) ) the various holes in Outlook provided by Windows
> Media Player, also.

Not really space, more constant uninstallation of WMP itself - I never liked WMP and so I binned it every time. I was lucky that I didn't have to install recent editions of WMP and the ones I did have I didn't need so, sometimes breaking Windows in the process, I took a brute force route to uninstalling WMP and WSE. (WinME is a real pain with WSE. "Microsoft knows best so let mammy silently reinstall WSE" despite the efforts of the user to prevent exactly that. Finally I beat it into a numbing submission by creating a text file with exactly the same number of bytes as the exe, renaming it exe, making it read-only and using Linux to move it onto the Windows partition instead of the 'real' executable. Nasty certainly, crude maybe, but viciously effective.)

It certainly pays to know the OS from the inside - learn to program in DOS and you get a whole new understanding of what is meant by a Windows vulnerability. It isn't anything superficial, it's not a blemish, it isn't minor. It means that your CPU registers (the only thing between your precious RAM and the bit bucket) are wide open to any other process that cares to link a few lines of assembly code and take a peek. Windows opens the door and just says "come on in, I don't care who you are". A few jump and mv statements and hey presto, a low-level format of the first hard drive is in progress. Ooops.

When you see a vulnerability/security alert that mentions 'the intruder/program/bug etc. could run arbitrary code' it doesn't mean a quick game of Solitaire.

It really is that easy - the reason it isn't happening all the time is that the potential perpetrators have lost interest in trashing individual systems. That's left to those who have a personal reason for targeted revenge (usually targeted at the backup server). The interest is in distributed attacks - keeping your machine running their nice Trojan. You keep going, oblivious to the chaos your infected machine is creating across the rest of the network. (A DDoS, distributed denial of service.)

I gave up using Windows for email within 2 hours of installing my first ever Linux distro. Simply installed Mozilla, deleted all accounts from OE and blocked IE/OE/Explorer/WindowsBackdate from ever contacting the internet again using ZoneAlarm. I take the same approach with all Windows components - I know what is best for my systems and there is nothing BG can do to stop me having what I want. He tries, my my how he tries. But he just doesn't count on low-level read-write access from Linux.
:-)))

> I would like to point out that at least in OS X, the root account is
> completely disabled by default. There is an "admin" group, but as you
> probably know, no mere group has root access. It is not at all like the
> Administrator group in NT. Instead, members of the "admin" group are
> allowed to authenticate in order to do temporary root things.

Mac OS X is one environment I am still waiting to try - it's the hardware cost that is stopping me at the mo. (But if it was available for PC, it'd be very similar to existing Linux distributions anyway, so a port looks unlikely!)

Mandrake Linux is moving in a similar direction, not disabling but hiding root from login and displaying dire warnings when you do find it. It's a good idea too, the installation routines are getting better and better. There is less and less post-install configuration needed and therefore less need for root to have GUI login access in the first place. Root users should know enough about what they are doing to not need graphical tools.

> functionality. I'm not sure how it works, but unlike sudo, programs do
> not need to be set-uid-root for this to work. (I really must research
> how they do this.) Because of this, even when logged in as an
> administrator, one is unable to manipulate any of the system files,
> just as you described.

There is presumably some implementation of suid in the kernel. Not being able to set a program suid individually is a bit of a restriction - leaving the admin at the mercy of whoever writes the package installer.
You put restrictions on this admin at your own peril!

> Apple (as are the other BSDs) are working towards minimizing the number
> of set-uid-root programs. Indeed, the gpg executable does not need to
> be set-uid-root on OS X in order to wire down memory pages (there is a
> fixed limit on the number of pages a non-root process can wire down). I
> imagine other Unixes would benefit by having this feature as well.

One of the first lock-down procedures on any new Linux server is to find out how many suid programs are around and reduce the figure pronto. For desktop systems behind a decent firewall it's less urgent.

> To be fair, Microsoft has been getting better on security, but only
> because of constant pressure against their bottom line from the
> alternatives. They still have quite some distance to go, however.

Better is a relative term.

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/


--Boundary-02=_l+1B/m8WDoKaKR3
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/B1+liAEJSii8s+MRAuncAKCg5Facbd2YBoOcweKhRBfxcNCTtQCdHoUp
fKccr+jJ2G+hgxW5Pt32l+k=
=Pjkt
-----END PGP SIGNATURE-----

--Boundary-02=_l+1B/m8WDoKaKR3--
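The "find out how many suid programs are around" step that Neil describes as a first lock-down procedure for a new Linux server can be scripted so that the inventory is repeatable and a later check shows anything that has since gained the setuid or setgid bit. The script below is an added example written for this archive page; it is not code from the original post or from any project mentioned in it. The directory tree and baseline file name it takes as arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): inventory setuid/setgid
# executables under a tree and compare against a saved baseline so that a
# newly appeared privileged binary stands out during later checks.

# Print every regular file with the setuid (4000) or setgid (2000) bit set,
# one path per line, sorted. -xdev keeps find on the starting filesystem so
# /proc, /sys and network mounts are not walked. Defaults to / if no tree
# is given.
list_suid() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# The "figure to reduce": number of privileged binaries under a tree.
count_suid() {
    list_suid "$1" | wc -l | tr -d ' '
}

# Save the current inventory to a baseline file (path is an assumption,
# e.g. /var/lib/suid-baseline.txt chosen by the admin).
save_baseline() {
    list_suid "$1" > "$2"
}

# Print files that are setuid/setgid now but were absent from the baseline.
# Both inputs are sorted, as comm requires; '-' reads the live list from stdin.
new_since_baseline() {
    list_suid "$1" | comm -13 "$2" -
}

# Optional report mode for interactive use:
#   sh suid-inventory.sh --report [tree] [baseline]
if [ "${1:-}" = "--report" ]; then
    tree="${2:-/}"
    base="${3:-/var/lib/suid-baseline.txt}"
    echo "setuid/setgid files under $tree: $(count_suid "$tree")"
    if [ -f "$base" ]; then
        echo "new since baseline $base:"
        new_since_baseline "$tree" "$base"
    else
        echo "no baseline at $base; saving one now"
        save_baseline "$tree" "$base"
    fi
fi
```

Run `save_baseline / /var/lib/suid-baseline.txt` once after the initial trimming, then `new_since_baseline / /var/lib/suid-baseline.txt` from cron or after every package installation: an empty result means nothing has regained a privileged bit behind the admin's back, which addresses the "at the mercy of whoever writes the package installer" point in the reply above.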