On Tue, Mar 20, 2007 at 07:28:36AM +0000, Dave wrote:
> Look, if the user doesn't care, that's his own choice. We're
> programmers, not policemen. If you want to force the user to follow
> your rules because you think you have the right to not trust a user
> with his own system, get Palladium, or whatever MS renamed it to.
> You're setting a dangerous precedent by assuming that your users are
> stupid.

This is complete and utter nonsense. I'm guessing you're like a 2nd or 3rd year college student, idealistic and optimistic about future possibilities, excited about a career working with Unix. And naive as all hell.

Programmers didn't need to be policemen in 1968 when Dennis Ritchie and Ken Thompson were working on Unix... there were about 3 people using it back then. Today things are different; programmers ARE and MUST BE policemen, because the vast majority of users don't know any better. Everything you've said in this message has proven beyond a shadow of a doubt that you are one of them.

> Your logic here is screwy, because we _must_ assume that the user
> has enough of a clue to care about whatever he wants to care about.

Wrong again. We must care about security, because USERS WANT US TO. They want security, but they don't want to have to learn about it. Users made it our job.

> > If only the user were affected, that would be one thing.
>
> If your security is compromised by the actions of another user on his own
> system, then your security model is screwed up.

Here's where you proved beyond a shadow of a doubt that you don't know anything at all about what security is, or how it works.

> 10. Distrust the unknown. Anything provided by users or from outside
> of the program is suspect.
>
> His error is that he neglects to draw the distinction between user input and
> "outside" input.

You have the audacity to cite "errors" in the advice of one of the most renowned and respected computer security experts in the business. Unbelievable!

> If I'm the owner, my trust is the only thing that matters in my system.

And who will you blame if your system gets compromised? The programmers...

The rest of what you wrote is simply too naive and in some cases asinine to respond to. Blind adherence to any philosophy or dogma is folly, and your blind adherence to the Unix philosophy is your folly. No philosophy is always right.

Your ravings about manipulating $PATH being incompatible with Unix are absurd in the extreme; this is an established best practice for security-sensitive *UNIX* software for more than a decade. Your blessed qmail uses it (it inserts its installation directory first into the PATH, to ensure that any programs it calls are the right ones), as does any sane security-sensitive application.

"The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes."
--Dennis Ritchie, designer of Unix and creator of the Unix Philosophy
http://scholar.google.com/scholar?hl=en&lr=&q=cache:8DMaAOIZSQkJ:secur.ibelgique.com/unix/ritchie.ps+

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers.
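The $PATH practice the message attributes to qmail, shown as an added example in C that is not qmail's code or any code from this thread: a security-sensitive program replaces the inherited PATH with one that starts at its own installation directory and continues with a fixed system path, so any helper it later spawns resolves from directories the program trusts rather than from whatever the caller's environment contained. The installation directory and the system path below are assumptions constructed for the example, not qmail's real values.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical installation directory; an assumption for this example.
   qmail uses its own installation directory here. */
#define INSTALL_BIN "/usr/local/example-mta/bin"

/* Fixed system path that follows the installation directory.  Constructed
   for this example; a real program picks what its platform needs. */
#define SYSTEM_PATH "/usr/bin:/bin"

/* Build the PATH a security-sensitive program should use: its own
   installation directory first, then a fixed system path.  The inherited
   PATH is ignored entirely rather than prepended to, so a directory chosen
   by whoever started the process can never be searched first.
   Returns 0 on success, -1 if the buffer is too small. */
int build_trusted_path(char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s:%s", INSTALL_BIN, SYSTEM_PATH);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

/* Return 1 if the first directory searched in `path` is INSTALL_BIN,
   0 otherwise.  Useful as a self-check before spawning anything. */
int path_starts_with_install_dir(const char *path)
{
    size_t len = strlen(INSTALL_BIN);
    return strncmp(path, INSTALL_BIN, len) == 0 &&
           (path[len] == ':' || path[len] == '\0');
}

/* Overwrite PATH in this process's environment so every child started via
   execvp()/system()/popen() resolves commands from the trusted path.
   Returns 0 on success, -1 on failure. */
int install_trusted_path(void)
{
    char path[1024];
    if (build_trusted_path(path, sizeof path) != 0)
        return -1;
    return setenv("PATH", path, 1);   /* 1 = overwrite the inherited value */
}

int main(void)
{
    /* Constructed inherited environment with an untrusted directory first,
       the situation the trusted path is meant to neutralise. */
    setenv("PATH", "/tmp/untrusted:/usr/bin", 1);
    printf("inherited PATH: %s\n", getenv("PATH"));

    if (install_trusted_path() != 0) {
        perror("setenv");
        return 1;
    }
    printf("trusted PATH:   %s\n", getenv("PATH"));

    /* Any helper spawned from here on is looked up in the trusted PATH. */
    execlp("env", "env", (char *)NULL);
    perror("execlp");
    return 1;
}
```

Calling install_trusted_path() once, before the first fork or exec, is the whole of the technique; the check function only makes the intended ordering explicit so a reviewer or a unit test can confirm it.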