[LINK] Schneier on Storm Worm

Craig Sanders cas at taz.net.au
Sun Oct 7 09:35:15 AEST 2007


On Sat, Oct 06, 2007 at 02:35:06PM +0200, Kim Holburn wrote:
> On 2007/Oct/06, at 1:41 PM, Craig Sanders wrote:
>> On Sat, Oct 06, 2007 at 12:29:18PM +0200, Kim Holburn wrote:
>>>> [re: unix-style permissions]
>>>>
>>>> In 1971, this might have been acceptable: it was 20 years before the
>>>> advent of the Web, and the threat model for most computer users was
>>>> entirely different than the one that applies today.
>>
>> actually, real ACLs have been around for years on several unix
>> filesystems - including several on linux (at least ext2/3 and xfs that
>> i know of for sure, others as well. ext2 and ext3 are THE most commonly
>> used filesystems on linux - they are the default/de-facto standard)
>>
>> btw, for those who don't know, a filesystem is the disk "format" used -
>> analogous to FAT or FAT32 or NTFS formats on windows.
>>
>> for almost all day to day usage, though, unix permissions are good
>> enough, and very simple to use. the more flexible (and more complicated)
>> acls tend to be used only where absolutely needed. and even systems
>> that use them, tend only to use them for particular files, directories,
>> and/or applications....the bulk of the system using plain old unix
>> perms.
>
> Actually they're not.  Bitfrost is a complete redesign of computer
> security with, what seem to me to be such obvious principles, as a
> basis.
> [...]

huh? what isn't? and what is it that they aren't? i was only talking
about file permissions and acls. didn't mention or comment on bitfrost
at all.

my point was that more detailed, more flexible file permission features
(ACLs) are available and have been available for many years. most people
don't need or use them. old-style permissions may be simple and limited
but they have survived BECAUSE they are adequate for many purposes and
don't require a huge amount of knowledge or work to use effectively.



> People, and especially most people who don't know much about
> computers and even sometimes those who are, are simply not in a
> position to make security decisions on the fly.  OLPC laptops are
> designed to be used by people who may not even be literate and may
> not be able to enter a username/password combination and yet still be
> safe.

safe from some things. still vulnerable to phishing and similar
social-engineering attacks.

protecting the user from themselves only goes so far.


> [...] Programs running do not get the same permissions as the user and
> may not get access to any of the user's data.

you mean something similar to the SELinux ("Security Enhanced Linux")
extensions developed by the NSA several years ago, and merged into the
mainline linux kernel shortly after they released it? with support for
it in all major distributions.

i know one linux user who has a machine on the net locked down tightly
using selinux. he has publicly published the root password with an open
challenge for the last few years to compromise the machine. even knowing
the root password doesn't help if the security context definitions
don't allow programs to access or change things - e.g. only known and
pre-approved programs can be allowed to access certain (or any) files or
have access to the network.

for example, only the system's package manager tools are allowed to
update/overwrite other programs. only the supplied password manipulation
tools are allowed to change the user authentication data (/etc/passwd
or whatever). only the system logging daemon has write access to the
log files. only apache is allowed to listen on port 80 (and it only has
access to web related files, nothing else).  and so on.


again, the feature is available, and again most people don't use or need
it.


craig

-- 
craig sanders <cas at taz.net.au>

Drugs may be the road to nowhere, but at least they're the scenic route!
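The layered model Craig describes above (plain Unix mode bits for most things, POSIX ACLs where a named user or extra group is needed, and SELinux-style type enforcement that does not care who is root), as an added example that is not part of the original post and is not SELinux's own code: a toy Python evaluator for all three checks, run over a constructed file table and policy. The domain and type names (`sysadm_t`, `passwd_t`, `shadow_t`, ...), the uids, the file entries and the allow rules are assumptions made for illustration only.

```python
"""Toy model of the three access-control layers discussed in the post: classic
Unix mode bits, POSIX ACL evaluation, and an SELinux-style type-enforcement (TE)
layer consulted after DAC that does not exempt uid 0.  Added example, not code
from the post or from SELinux; type names, files and policy are constructed."""
from dataclasses import dataclass
from typing import Optional

R, W, X = 4, 2, 1  # permission bits, the rwx of one chmod triplet


@dataclass(frozen=True)
class Subject:
    uid: int
    gid: int
    groups: frozenset   # supplementary groups
    domain: str         # SELinux-style process type, e.g. "passwd_t" (constructed)


@dataclass(frozen=True)
class File:
    uid: int
    gid: int
    mode: int           # permission bits, e.g. 0o640
    ftype: str          # SELinux-style file type, e.g. "shadow_t" (constructed)
    # Extra ACL entries: {"users": {uid: bits}, "groups": {gid: bits}, "mask": bits};
    # owner, owning-group and other entries come from mode (a real inode stores
    # the mask in the group bits of mode; the toy keeps them apart for clarity).
    acl: Optional[dict] = None


def _root_bypass(f: File, want: int) -> bool:
    # CAP_DAC_OVERRIDE: root passes DAC for read/write, needs any x bit to execute
    return (want & X) == 0 or (f.mode & 0o111) != 0


def unix_dac(s: Subject, f: File, want: int) -> bool:
    """1971-style check: exactly one of the owner/group/other triplets applies."""
    if s.uid == 0:
        return _root_bypass(f, want)
    if s.uid == f.uid:
        bits = (f.mode >> 6) & 7
    elif s.gid == f.gid or f.gid in s.groups:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return (bits & want) == want


def posix_acl_dac(s: Subject, f: File, want: int) -> bool:
    """acl(5) order: owner, named user, owning group plus named groups (any one
    matching entry that grants suffices), other.  Non-owner entries are masked."""
    if s.uid == 0:
        return _root_bypass(f, want)
    acl = f.acl or {"users": {}, "groups": {}, "mask": 7}
    mask = acl.get("mask", 7)
    if s.uid == f.uid:
        return (((f.mode >> 6) & 7) & want) == want
    if s.uid in acl["users"]:
        return (acl["users"][s.uid] & mask & want) == want
    mine = s.groups | {s.gid}
    group_bits = [(f.mode >> 3) & 7] if f.gid in mine else []
    group_bits += [b for g, b in acl["groups"].items() if g in mine]
    if group_bits:
        return any((b & mask & want) == want for b in group_bits)
    return ((f.mode & 7) & want) == want


# Type-enforcement policy: default deny; (process domain, file type) -> allowed bits.
# Constructed to mirror the post's examples; real SELinux policy is far richer.
TE_POLICY = {
    ("passwd_t", "shadow_t"): R | W,      # only the passwd tools touch auth data
    ("syslogd_t", "var_log_t"): W,        # only the logging daemon writes logs
    ("rpm_t", "bin_t"): R | W | X,        # only the package manager overwrites programs
    ("httpd_t", "httpd_content_t"): R,    # apache reads web content, nothing else
    ("user_t", "httpd_content_t"): R,
    ("sysadm_t", "var_log_t"): R,         # a root shell may read logs, not rewrite them
}


def type_enforcement(s: Subject, f: File, want: int) -> bool:
    return (TE_POLICY.get((s.domain, f.ftype), 0) & want) == want


def access(s: Subject, f: File, want: int) -> bool:
    """Kernel order: DAC first, then the LSM hook; both must allow.  Root
    satisfies DAC trivially but gets no special treatment from TE."""
    dac = posix_acl_dac if f.acl is not None else unix_dac
    return dac(s, f, want) and type_enforcement(s, f, want)


# Constructed file table and processes (uid 33 = www-data, gid 4 = adm, say).
SHADOW = File(uid=0, gid=0, mode=0o640, ftype="shadow_t")
LOG = File(uid=0, gid=4, mode=0o640, ftype="var_log_t")
WEBCONF = File(uid=33, gid=33, mode=0o640, ftype="httpd_content_t",
               acl={"users": {1001: R | W}, "groups": {}, "mask": R})
ROOT_SHELL = Subject(0, 0, frozenset(), "sysadm_t")  # someone holding the root password
PASSWD = Subject(0, 0, frozenset(), "passwd_t")
SYSLOGD = Subject(0, 0, frozenset(), "syslogd_t")
ALICE = Subject(1001, 1001, frozenset({4}), "user_t")


def demo() -> dict:
    return {
        "root shell writes /etc/shadow": access(ROOT_SHELL, SHADOW, W),       # False: TE denies
        "passwd writes /etc/shadow": access(PASSWD, SHADOW, W),               # True
        "root shell appends to log": access(ROOT_SHELL, LOG, W),              # False: TE denies
        "syslogd appends to log": access(SYSLOGD, LOG, W),                    # True
        "alice reads webconf via ACL": access(ALICE, WEBCONF, R),             # True: named-user entry
        "alice writes webconf via ACL": access(ALICE, WEBCONF, W),            # False: mask clips W
        "alice reads webconf, mode bits only": unix_dac(ALICE, WEBCONF, R),   # False: other bits are 0
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {check}")
```

The root-shell entries in `demo()` are the point of the thread: the shell passes the 1971-style check outright because it is uid 0, and is still refused because no TE rule pairs `sysadm_t` with `shadow_t` or grants it write on `var_log_t`. The `WEBCONF` entries show the one thing the mode bits alone cannot say (a specific named user, clipped by the mask) while plain `unix_dac` denies her because the "other" triplet is empty; for most files that third triplet is all anyone needs, which is why the older scheme survives.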


