From: marcs <marcs@skyhunter.com>
Replying To: Zooko <zooko@zooko.com>
Date: Thu, 28 Nov 2002 10:47:31 -0700
Subject: Re: [e-lang] capability myths demolished!

> Of course, the reason *I* care so strongly about it lies in category 3.  I now
> believe that unless a practical POLA system can be deployed (that allows people
> to safely look at the dancing bears in their e-mail), that the world's computer
> security problems will instead be solved by making it so that code only executes
> after the operating system has checked in with central HQ to see if the 
> registered author of the code is in good standing with all of the relevant 
> authorities.

A point I have started making since the advent of Palladium is that checking 
in with the central HQ about the good standing of the author does not solve  
all the problems. Specifically, code by an author in good standing can, via a 
simple programming bug, be subverted by a third party, and if the code in 
good standing has been handed the kind of total authority that all programs 
are handed these days, you are still toast.

A couple amusing examples lately, one of which I got from the e-lang list I 
think: 

-- The Microsoft Help Desk system can be persuaded to delete directories off 
your system. Why does Help Desk have this kind of authority? 

-- Microsoft IE has had a bug in it that allows outsiders to take full control 
of the system if the user goes to the attacker's web page; this bug is  
present in both IE 5.5 and IE 6.0. An attacker that didn't bother to tell 
anyone about the exploit when he found it could have been using it for over a 
year, subverting millions of computers, before anyone realized there was a 
bug, much less realize that Microsoft's certificate should be revoked (oh, 
yeah, visualize that happening :-). Once again, POLA confinement of the IE 
application would change this from a security nightmare of catastrophic 
proportions into a minor programming bug.

--marcs
_______________________________________________
e-lang mailing list
e-lang@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang