From: Paul Koning
while Unix is reasonably secure, application writers have managed to
create massive numbers of security holes that have nothing to do with
defects of the OS, and aren't cured by a better OS.
On a secure system (i.e. OS plus underlying hardware), _nothing_ an
application does (whether merely buggy, or guidely malevolent) can i) write
data it's not supposed to have write access to, ii) read such data, iii)
interfere with any other application, etc, etc.
Google '"Roger Schell" oral history', and read that, and the other documents
he mentions there. (By itself, it's a very entertaining and educational read,
even if you ignore the others. It contains an interesting discussion on his
contributions to the security mechanisms of the x86 - which I expect Intel
will someday ditch, because nobody is using them - just like they apparently
ditched segmentation in the latest x86 chips because nobody is using it.
Sigh.)
Yes, a buggy application won't work right, and may crash, but there's no way
to prevent that (although better languages, and programming style, can help a
lot).
Noel