On Tue, Mar 20, 2007 at 07:28:36AM +0000, Dave wrote: > Look, if the user doesn't care, that's his own choice. We're > programmers, not policemen. If you want to force the user to follow > your rules because you think you have the right to not trust a user > with his own system, get Palladium, or whatever MS renamed it to. > You're setting a dangerous precedent by assuming that your users are > stupid. This is complete and utter nonsense. I'm guessing you're like a 2nd or 3rd year college student, idealistic and optimistic about future possibilities, excited about a career working with Unix. And naive as all hell. Programmers didn't need to be policemen in 1968 when Dennis Ritchie and Ken Thompson were working on Unix... there were about 3 people using it back then. Today things are different; programmers ARE and MUST BE policemen, because the vast majority of users don't know any better. Everything you've said in this message has proven beyond a shadow of a doubt that you are one of them. > Your logic here is screwey, because we _must_ assume that the user > has enough of a clue to care about whatever he wants to care about. Wrong again. We must care about security, because USERS WANT US TO. They want security, but they don't want to have to learn about it. Users made it our job. > > If only the user were affected, that would be one thing. > > If your security is compromised by the actions of another user on his own > system, then your security model is screwed up. Here's where you proved beyond a shadow of a doubt that you don't know anything at all about what security is, or how it works. > 10. Distrust the unknown. Anything provided by users or from outside > of the program is suspect. > > His error is that he neglects to draw the distinction between user input and > "outside" input. You have the audacity to cite "errors" in the advice of one of the most renowned and respected computer security experts in the business. Unbelievable! > If I'm the owner, my trust is the only thing that matters in my system. And who will you blame if your system gets compromised? The programmers... The rest of what you wrote is simply too naive and in some cases asinine to respond to. Blind adherence to any philosophy or dogma is folly, and your blind adherence to the Unix philosophy is your folly. No philosophy is always right. Your ravings about manipulating $PATH being incompatible with Unix are absurd in the extreme; this is an established best practice for security-sensitive *UNIX* software for more than a decade. Your blessed qmail uses it (it inserts its installation directory first into the PATH, to ensure that any programs it calls are the right ones), as does any sane security-sensitive application. "The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes." --Denis Ritchie, designer of Unix and creator of the Unix Philosophy http://scholar.google.com/scholar?hl=en&lr=&q=cache:8DMaAOIZSQkJ:secur.ibelgique.com/unix/ritchie.ps+ -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers.
Description: PGP signature