Win32 API utterly and irreprarable broken

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Dr. G at <-
MMDr. G at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Robert Bushman
Date:  
Subject: Win32 API utterly and irreprarable broken
On Thu, 8 Aug 2002, Dr. G wrote:

> Other then that, if your running a program on your PC someone else made that
> you don't 100% trust, your gambling, no matter if it's windows or linux.

Not so. Linux doesn't allow user accounts to
escalate their level. You can trash your own
data, but not the system.

If I set up a user named "magilla" in Linux, and
use that account to execute all my untrusted code,
I am confident that it cannot escalate its level
without using a currently unknow exploit - that is,
it cannot modify anything outside of /home/magilla
and /tmp. Better yet, I can chroot the account and
it won't be able to even see anything outside of
/home/magilla.

If I set up "magilla" in 2000, I am confident that
it can escalate its level - that is, it can do
anything to anything on the box.

That's the problem - it is currently impossible
to execute untrusted code on a Windows box safely.
That's what the author means by "unfixable" - it's
currently impossible to have a functional Windows
box on which you can safely execute untrusted code.

This is why Microsoft thinks Palladium is necessary.
They don't even grasp the fact that you can safely
execute untrusted code if your operating system's
security is designed correctly. So they have to
implement this ridiculous scheme where every piece
of code is authenticated by an outside authority.


This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Contact Mgmt/Sales Force Automation.Win32 API utterly and irreprarable broken->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)