Win32 API utterly and irreprarable broken

Dr. G plug-discuss@lists.plug.phoenix.az.us
Thu, 8 Aug 2002 10:29:04 -0700 

Unless it asks for root privledges and you give it to them.

That's the only difference.

----- Original Message -----
From: "Robert Bushman" <bob@traxel.com>
To: <plug-discuss@lists.plug.phoenix.az.us>
Sent: Thursday, August 08, 2002 9:10 AM
Subject: Re: Win32 API utterly and irreprarable broken


> You are correct that it's not possible to safely
> execute untrusted code as root in Linux, and that
> it's not safe to execute untrusted code as Admin
> in Windows.
>
> OTOH, it is safe to execute untrusted code as an
> unpriviliged user in Linux. It is not safe to
> execute untrusted code as an unpriviliged user
> in Windows.
>
> That's major difference - it is impossible to execute
> untrusted code on a Windows box safely. It is
> trivial to execute untrusted code on a Linux box
> safely.
>
> On Thu, 8 Aug 2002, Dr. G wrote:
>
> > I'm, talking about if your unning/installing a RPM or what have you with
> > root privledges or you're actually logged on as root.
> >
> > As for that POS Palladium...that's a whole different can of worms.
> >
> >
> > ----- Original Message -----
> > From: "Robert Bushman" <bob@traxel.com>
> > To: <plug-discuss@lists.plug.phoenix.az.us>
> > Sent: Thursday, August 08, 2002 6:38 AM
> > Subject: Re: Win32 API utterly and irreprarable broken
> >
> >
> > > On Thu, 8 Aug 2002, Dr. G wrote:
> > >
> > > > Other then that, if your running a program on your PC someone else
made
> > that
> > > > you don't 100% trust, your gambling, no matter if it's windows or
linux.
> > >
> > > Not so. Linux doesn't allow user accounts to
> > > escalate their level. You can trash your own
> > > data, but not the system.
> > >
> > > If I set up a user named "magilla" in Linux, and
> > > use that account to execute all my untrusted code,
> > > I am confident that it cannot escalate its level
> > > without using a currently unknow exploit - that is,
> > > it cannot modify anything outside of /home/magilla
> > > and /tmp. Better yet, I can chroot the account and
> > > it won't be able to even see anything outside of
> > > /home/magilla.
> > >
> > > If I set up "magilla" in 2000, I am confident that
> > > it can escalate its level - that is, it can do
> > > anything to anything on the box.
> > >
> > > That's the problem - it is currently impossible
> > > to execute untrusted code on a Windows box safely.
> > > That's what the author means by "unfixable" - it's
> > > currently impossible to have a functional Windows
> > > box on which you can safely execute untrusted code.
> > >
> > > This is why Microsoft thinks Palladium is necessary.
> > > They don't even grasp the fact that you can safely
> > > execute untrusted code if your operating system's
> > > security is designed correctly. So they have to
> > > implement this ridiculous scheme where every piece
> > > of code is authenticated by an outside authority.
> > >
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail
doesn't
> > post to the list quickly and you use Netscape to write mail.
> > >
> > > PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > >
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
> --------------------------------------------------------------------
>  'Microsoft also warned today that the era of "open computing," the
>  free exchange of digital information that has defined the personal
>  computer industry, is ending.'
>
>  http://www.nytimes.com/2002/07/25/technology/25NET.html
>
>  Will Microsoft permit you to use your mission critical data when
>  you need it?  Linux will, and you have the source to prove it.
> --------------------------------------------------------------------
>
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss