Win32 API utterly and irreparably broken

Robert Bushman plug-discuss@lists.plug.phoenix.az.us
Thu, 8 Aug 2002 12:10:25 -0400 (EDT)


You are correct that it's not possible to safely
execute untrusted code as root in Linux, and that
it's not safe to execute untrusted code as Admin
in Windows.

OTOH, it is safe to execute untrusted code as an
unprivileged user in Linux. It is not safe to
execute untrusted code as an unprivileged user
in Windows.

That's a major difference - it is impossible to execute
untrusted code on a Windows box safely. It is
trivial to execute untrusted code on a Linux box
safely.

On Thu, 8 Aug 2002, Dr. G wrote:

> I'm talking about if you're running/installing an RPM or what have you with
> root privileges or you're actually logged on as root.
>
> As for that POS Palladium...that's a whole different can of worms.
>
>
> ----- Original Message -----
> From: "Robert Bushman" <bob@traxel.com>
> To: <plug-discuss@lists.plug.phoenix.az.us>
> Sent: Thursday, August 08, 2002 6:38 AM
> Subject: Re: Win32 API utterly and irreparably broken
>
>
> > On Thu, 8 Aug 2002, Dr. G wrote:
> >
> > > Other than that, if you're running a program on your PC someone else made that
> > > you don't 100% trust, you're gambling, no matter if it's windows or linux.
> >
> > Not so. Linux doesn't allow user accounts to
> > escalate their level. You can trash your own
> > data, but not the system.
> >
> > If I set up a user named "magilla" in Linux, and
> > use that account to execute all my untrusted code,
> > I am confident that it cannot escalate its level
> > without using a currently unknown exploit - that is,
> > it cannot modify anything outside of /home/magilla
> > and /tmp. Better yet, I can chroot the account and
> > it won't be able to even see anything outside of
> > /home/magilla.
> >
> > If I set up "magilla" in 2000, I am confident that
> > it can escalate its level - that is, it can do
> > anything to anything on the box.
> >
> > That's the problem - it is currently impossible
> > to execute untrusted code on a Windows box safely.
> > That's what the author means by "unfixable" - it's
> > currently impossible to have a functional Windows
> > box on which you can safely execute untrusted code.
> >
> > This is why Microsoft thinks Palladium is necessary.
> > They don't even grasp the fact that you can safely
> > execute untrusted code if your operating system's
> > security is designed correctly. So they have to
> > implement this ridiculous scheme where every piece
> > of code is authenticated by an outside authority.
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> > post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>

--------------------------------------------------------------------
 'Microsoft also warned today that the era of "open computing," the
 free exchange of digital information that has defined the personal
 computer industry, is ending.'

 http://www.nytimes.com/2002/07/25/technology/25NET.html

 Will Microsoft permit you to use your mission critical data when
 you need it?  Linux will, and you have the source to prove it.
--------------------------------------------------------------------
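As an added example (not from this thread), a small POSIX shell script that applies the confinement the quoted post describes: it refuses to run anything as uid 0, runs the program under the dedicated account, and afterwards lists any regular file written outside /home/magilla and /tmp. The account name and directories are taken from the post; su(1) and GNU find(1) are assumed.

```shell
#!/bin/sh
# Added example, not code from the thread. Run an untrusted program under a
# dedicated unprivileged account, then audit the filesystem for writes
# outside the directories that account is expected to touch.
# Assumptions: Linux host with su(1) and GNU find(1); account "magilla" and
# the allowed directories follow the quoted post.

SANDBOX_USER="${SANDBOX_USER:-magilla}"
ALLOWED_DIRS="/home/$SANDBOX_USER /tmp"

# confined_path PATH -> 0 if PATH is absolute, has no ".." component and
# lies under one of ALLOWED_DIRS; 1 otherwise.
confined_path() {
    p="$1"
    case "$p" in
        /*) ;;
        *) return 1 ;;
    esac
    case "/$p/" in
        */../*) return 1 ;;
    esac
    for d in $ALLOWED_DIRS; do
        case "$p" in
            "$d"|"$d"/*) return 0 ;;
        esac
    done
    return 1
}

# run_as_unprivileged USER CMD -> returns 2 without running anything if USER
# does not exist or is uid 0; otherwise runs CMD via su(1) with a plain shell.
# Switching user requires the caller to be root.
run_as_unprivileged() {
    user="$1"; cmd="$2"
    uid=$(id -u "$user" 2>/dev/null) || return 2
    [ "$uid" -ne 0 ] || return 2
    su -s /bin/sh "$user" -c "$cmd"
}

# audit_writes STAMPFILE -> prints regular files modified after STAMPFILE
# that lie outside ALLOWED_DIRS and the kernel pseudo-filesystems.
# Create STAMPFILE with touch(1) just before run_as_unprivileged; any output
# here means the untrusted code wrote where it should not have.
audit_writes() {
    stamp="$1"
    find / \( -path /proc -o -path /sys -o -path /dev -o -path /run \
              -o -path "/home/$SANDBOX_USER" -o -path /tmp \) -prune \
         -o -type f -newer "$stamp" -print 2>/dev/null
}
```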