Unless it asks for root privileges and you give it to them. That's the only difference.

----- Original Message -----
From: "Robert Bushman"
To:
Sent: Thursday, August 08, 2002 9:10 AM
Subject: Re: Win32 API utterly and irreparable broken

> You are correct that it's not possible to safely
> execute untrusted code as root in Linux, and that
> it's not safe to execute untrusted code as Admin
> in Windows.
>
> OTOH, it is safe to execute untrusted code as an
> unprivileged user in Linux. It is not safe to
> execute untrusted code as an unprivileged user
> in Windows.
>
> That's the major difference - it is impossible to execute
> untrusted code on a Windows box safely. It is
> trivial to execute untrusted code on a Linux box
> safely.
>
> On Thu, 8 Aug 2002, Dr. G wrote:
>
> > I'm talking about if you're running/installing an RPM or what have you with
> > root privileges or you're actually logged on as root.
> >
> > As for that POS Palladium...that's a whole different can of worms.
> >
> >
> > ----- Original Message -----
> > From: "Robert Bushman"
> > To:
> > Sent: Thursday, August 08, 2002 6:38 AM
> > Subject: Re: Win32 API utterly and irreparable broken
> >
> >
> > > On Thu, 8 Aug 2002, Dr. G wrote:
> > >
> > > > Other than that, if you're running a program on your PC someone else made that
> > > > you don't 100% trust, you're gambling, no matter if it's Windows or Linux.
> > >
> > > Not so. Linux doesn't allow user accounts to
> > > escalate their level. You can trash your own
> > > data, but not the system.
> > >
> > > If I set up a user named "magilla" in Linux, and
> > > use that account to execute all my untrusted code,
> > > I am confident that it cannot escalate its level
> > > without using a currently unknown exploit - that is,
> > > it cannot modify anything outside of /home/magilla
> > > and /tmp. Better yet, I can chroot the account and
> > > it won't be able to even see anything outside of
> > > /home/magilla.
> > >
> > > If I set up "magilla" in 2000, I am confident that
> > > it can escalate its level - that is, it can do
> > > anything to anything on the box.
> > >
> > > That's the problem - it is currently impossible
> > > to execute untrusted code on a Windows box safely.
> > > That's what the author means by "unfixable" - it's
> > > currently impossible to have a functional Windows
> > > box on which you can safely execute untrusted code.
> > >
> > > This is why Microsoft thinks Palladium is necessary.
> > > They don't even grasp the fact that you can safely
> > > execute untrusted code if your operating system's
> > > security is designed correctly. So they have to
> > > implement this ridiculous scheme where every piece
> > > of code is authenticated by an outside authority.
> > >
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> > >
> > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > >
>
> --------------------------------------------------------------------
> 'Microsoft also warned today that the era of "open computing," the
> free exchange of digital information that has defined the personal
> computer industry, is ending.'
>
> http://www.nytimes.com/2002/07/25/technology/25NET.html
>
> Will Microsoft permit you to use your mission critical data when
> you need it? Linux will, and you have the source to prove it.
> --------------------------------------------------------------------
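
Added example, not part of the original thread: a check of the claim quoted above that a dedicated account "cannot modify anything outside of /home/magilla and /tmp". It walks a tree and lists every path whose mode bits grant that account write access outside the allowed prefixes. The function names and the sample tree are constructed for illustration, and the check assumes classic owner/group/other mode bits only (no ACLs, capabilities, setuid helpers or parent-directory search permission).

```python
import os
import stat
import tempfile

def grants_write(st, uid, gids):
    """POSIX mode-bit check: exactly one class (owner, group, other) applies."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_outside(root, uid, gids, allowed):
    """List paths under root that uid can write to outside the allowed prefixes."""
    prefixes = [os.path.join(root, a.lstrip("/")) for a in allowed]
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if any(path == p or path.startswith(p + os.sep) for p in prefixes):
                continue
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits carry no permission meaning
            if grants_write(st, uid, gids):
                findings.append("/" + os.path.relpath(path, root))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample tree (not a real system) with two planted mistakes."""
    root = tempfile.mkdtemp(prefix="audit-")
    dirs = [("home", 0o755), ("home/magilla", 0o700), ("tmp", 0o1777),
            ("etc", 0o755), ("var", 0o755), ("var/cache", 0o777)]
    files = [("etc/passwd", 0o644), ("etc/motd", 0o666)]
    for rel, mode in dirs:
        os.mkdir(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)  # mkdir's own mode is umask-filtered
    for rel, mode in files:
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
        os.chmod(os.path.join(root, rel), mode)
    return root

def audit_sample():
    root = build_sample_tree()
    other_uid = os.stat(root).st_uid + 1  # stands in for an account that owns nothing here
    return writable_outside(root, other_uid, set(), ["/home/magilla", "/tmp"])

if __name__ == "__main__":
    print(audit_sample())
```

On a real host the same walk would be run as root from "/" with the account's actual uid and group ids; any path it reports is a place where the confinement described in the thread does not hold.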