Re: [PATCH] Remove absolute paths from gpg.rc
Rathole?
--
Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
On 2007-03-20 21:00:00 -0400, Derek Martin wrote:
> From: Derek Martin <invalid@xxxxxxxxxxxxxx>
> To: Mutt Developers <mutt-dev@xxxxxxxx>
> Date: Tue, 20 Mar 2007 21:00:00 -0400
> Subject: Re: [PATCH] Remove absolute paths from gpg.rc
> Reply-To: mutt-dev@xxxxxxxx
>
> On Tue, Mar 20, 2007 at 07:28:36AM +0000, Dave wrote:
> > Look, if the user doesn't care, that's his own choice. We're
> > programmers, not policemen. If you want to force the user to follow
> > your rules because you think you have the right to not trust a user
> > with his own system, get Palladium, or whatever MS renamed it to.
> > You're setting a dangerous precedent by assuming that your users are
> > stupid.
>
> This is complete and utter nonsense.
>
> I'm guessing you're like a 2nd or 3rd year college student, idealistic
> and optimistic about future possibilities, excited about a career
> working with Unix. And naive as all hell. Programmers didn't need to
> be policemen in 1968 when Dennis Ritchie and Ken Thompson were working
> on Unix... there were about 3 people using it back then. Today things
> are different; programmers ARE and MUST BE policemen, because the vast
> majority of users don't know any better. Everything you've said in
> this message has proven beyond a shadow of a doubt that you are one of
> them.
>
> > Your logic here is screwy, because we _must_ assume that the user
> > has enough of a clue to care about whatever he wants to care about.
>
> Wrong again. We must care about security, because USERS WANT US TO.
> They want security, but they don't want to have to learn about it.
> Users made it our job.
>
> > > If only the user were affected, that would be one thing.
> >
> > If your security is compromised by the actions of another user on his own
> > system, then your security model is screwed up.
>
> Here's where you proved beyond a shadow of a doubt that you don't know
> anything at all about what security is, or how it works.
>
> > 10. Distrust the unknown. Anything provided by users or from outside
> > of the program is suspect.
> >
> > His error is that he neglects to draw the distinction between user input and
> > "outside" input.
>
> You have the audacity to cite "errors" in the advice of one of the
> most renowned and respected computer security experts in the business.
> Unbelievable!
>
> > If I'm the owner, my trust is the only thing that matters in my system.
>
> And who will you blame if your system gets compromised? The
> programmers...
>
> The rest of what you wrote is simply too naive and in some cases
> asinine to respond to. Blind adherence to any philosophy or dogma is
> folly, and your blind adherence to the Unix philosophy is your folly.
> No philosophy is always right. Your ravings about manipulating $PATH
> being incompatible with Unix are absurd in the extreme; this is an
> established best practice for security-sensitive *UNIX* software for
> more than a decade. Your blessed qmail uses it (it inserts its
> installation directory first into the PATH, to ensure that any
> programs it calls are the right ones), as does any sane
> security-sensitive application.
>
> "The first fact to face is that UNIX was not developed with
> security, in any realistic sense, in mind; this fact alone
> guarantees a vast number of holes."
>
> --Dennis Ritchie, designer of Unix and creator of the Unix
> Philosophy
>
>
> http://scholar.google.com/scholar?hl=en&lr=&q=cache:8DMaAOIZSQkJ:secur.ibelgique.com/unix/ritchie.ps+
>
> --
> Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address. Replying to it will result in
> undeliverable mail. Sorry for the inconvenience. Thank the spammers.
>
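
The PATH handling described in the quoted message (a program putting its own installation directory first so the helpers it calls resolve there), as an added shell example that is not part of the original thread and is not code from mutt or qmail. The directory layout, the helper name `demo-helper` and the function names are constructed for illustration; dropping empty and relative PATH entries goes beyond what the message states.

```shell
#!/bin/sh
# Added example; paths and the helper name "demo-helper" are constructed.

# sanitized_path TRUSTED_DIR INHERITED_PATH
# Print a PATH with TRUSTED_DIR first, then only the absolute entries of
# INHERITED_PATH. Empty entries (which mean "current directory") and
# relative entries are dropped.
sanitized_path() {
    out=$1
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for entry in $2; do
        case $entry in
            /*) out="$out:$entry" ;;
            *)  ;;              # empty or relative: skip
        esac
    done
    set +f
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# resolve_in PATHVALUE CMD: print the file CMD resolves to under PATHVALUE.
resolve_in() {
    ( PATH=$1; command -v "$2" )
}

# make_demo_tree: create install/ and other/ under a temp dir, each holding
# its own demo-helper, and print the temp dir.
make_demo_tree() {
    base=$(mktemp -d) || return 1
    for d in install other; do
        mkdir "$base/$d"
        printf '#!/bin/sh\necho %s\n' "$d" > "$base/$d/demo-helper"
        chmod +x "$base/$d/demo-helper"
    done
    printf '%s\n' "$base"
}

tree=$(make_demo_tree) || exit 1
inherited="$tree/other:.::/usr/bin:/bin"
echo "inherited PATH -> $(resolve_in "$inherited" demo-helper)"
echo "sanitized PATH -> $(resolve_in "$(sanitized_path "$tree/install" "$inherited")" demo-helper)"
rm -rf "$tree"
```

With the inherited value the helper resolves to the copy in `other/`; with the sanitized value it resolves to the copy in `install/`, regardless of what the caller's PATH listed first.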