strangest systems I've sent email from
Paul Koning
paulkoning at comcast.net
Wed Apr 27 19:11:16 CDT 2016
> On Apr 27, 2016, at 5:58 PM, Noel Chiappa <jnc at mercury.lcs.mit.edu> wrote:
>
>> From: Paul Koning
>
>> while Unix is reasonably secure, application writers have managed to
>> create massive numbers of security holes that have nothing to do with
>> defects of the OS, and aren't cured by a better OS.
>
> On a secure system (i.e. OS plus underlying hardware), _nothing_ an
> application does (whether merely buggy, or guidely malevolent) can i) write
> data it's not supposed to have write access to, ii) read such data, iii)
> interfere with any other application, etc, etc.
Sure, all that is obvious. But the problem is that some attacks require only the application and the data it IS supposed to have access to -- just get the application to do the wrong thing to the right data. That kind of malfunction can only be cured by writing correct applications. For example, it isn't much consolation if your banking app writes only to the correct bank accounts database, if it sends your money to the wrong account for the wrong reason.
paul