Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 38

Thread: Reducing browser privileges!

  1. #21
    BIOS Bomber
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    357
    Originally posted here by Tiger Shark
    Dad?????
    no he is a human being. but maybe he could looklike a goat if you got drunk.

    on topic

    su nobody

    ./firefox
    "When in doubt, use Brute Force."

    Never argue with an idiot. They'll drag you down to their level, then beat you with experience.

  2. #22
    BIOS Bomber
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    357
    Originally posted here by catch
    [B]Really? So how will groups help you set up directory that allows a user to delete files, but not subdirectories while allowing the user to create subdirectories (with a predefined set of rights different than the original directory) but not new files and disallows the user to execute files or traverse the directory and allowing them to read file attributes but not read file security settings?


    Exactly, it's root's job to exist as a violation to the system's security policy... the technical definition of this is "A vulnerability." A vulnerability put in place to facilitate lazy administration.


    Last I checked the statistics of such things were appropriately proportional to scope of their use... also let us not forget UNIX's terrible audit trails.
    Thinking that the number of compromised systems reflects on a system's capabilities is very simple-minded.

    [B]
    i have a folder on a system where users exist, can't delete other sub dirs but can use their own files and create new folders. i believe its called /home

    root can be knocked down enough to not have full access. though i dont see your big deal over it. root should have that access. only an idiot is going to run something as root that could potentially harm the system in the first place.

    the number of compromised systems vs how secure it is.... yea that would be dumb wouldn't it, i mean security being how secure you can make something maybe its the idiot windows admins alloowing those nasty break ins that are at fault and not windows developers for skipping out on the coding for jack asses class.
    maybe one day when i start doing hallucinogenics i can comprehend what the hell you are talking about and how you make it that just because 90% of one platform gets owned in a given year, and only 10% of another platform gets pwnd the one that gets bent over the most is moe secure because it COULD be.

    thats like saying driving a pinto is more safe than driving a mercedes because pintos only let the ass end blow up on you if your to stupid to not dodge others on the info super highway from hitting you from the back. it just doesnt work right for me man.

    and tiger shark your ego amazes me. you come off as being someone who believees that just because your older than sand and know how to be a windows admin and because youv been in the service that that somhow makes you a man.

    kublai makes a post saying he doesn't agree and you laugh at the notion you could be wrong and he could be right you brain washed ninny. and then you have the nerve to say your not impressed? since when does someone have to finger your ass crack before they are allowed here?
    "When in doubt, use Brute Force."

    Never argue with an idiot. They'll drag you down to their level, then beat you with experience.

  3. #23
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    thats like saying driving a pinto is more safe than driving a mercedes because pintos only let the ass end blow up on you if your to stupid to not dodge others on the info super highway from hitting you from the back.
    The 1974 Pinto is the canonical example I usually refer to.
    Anyway, it was only vulnerable when you got hit. Remember
    to turn your PC off at night, because Windows is only vulnerable
    while it is running.
    I came in to the world with nothing. I still have most of it.

  4. #24
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    and tiger shark your ego amazes me.
    You haven't seen anything yet son......

    It's nothing to do with ego.... It's all about knowing my limits.... I know them... Do you know yours?

    Finger your crack if it amuses you.... I stopped doing it after a while in the jungle because it began to chafe like hell.....

    You need to learn what "computer security" is.... Because all you seem to be here for is to maintain that you OS is better then mine... and that's naive!

    I have _never_ been impressed by anyone who says "You don't know who I am, do you?".... That is the ultimate bullshit.... Because, obviously, if I don't recognize you then you aren't what is generally accepted as "well known".... But they have an ego that makes them think I should... Dumbasses!!!!

    Now, trot along and do your homework.... With luck you will get into college....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #25
    Banned
    Join Date
    May 2003
    Posts
    1,004
    i have a folder on a system where users exist, can't delete other sub dirs but can use their own files and create new folders. i believe its called /home
    And I believe that is not what I asked.

    I asked "So how will groups help you set up directory that allows a user to delete files, but not subdirectories while allowing the user to create subdirectories (with a predefined set of rights different than the original directory) but not new files and disallows the user to execute files or traverse the directory and allowing them to read file attributes but not read file security settings?"

    If you have difficulty grasping the difference, we shouldn't be having this conversation.

    root can be knocked down enough to not have full access. though i dont see your big deal over it. root should have that access. only an idiot is going to run something as root that could potentially harm the system in the first place.
    Modifying root in such a manner is non-traditional UNIX security (I believe I mentioned the idea of muddying the waters with CAF, MLS, and SE extensions).

    You don't see my problem with root?

    "vulnerability
    A weakness in system security procedures, system design, implementation, internal controls,
    etc., that could be exploited to violate system security policy.
    "
    -NCSC-TG-004 "Glossary of Computer Security Terms" (Teal Green Book)

    What would you call an account that has access to things not granted to it by the access control policy? Seems like a vulnerability to me... oddly enough the NSA agrees with this... whodathunkit?

    the number of compromised systems vs how secure it is.... yea that would be dumb wouldn't it, i mean security being how secure you can make something maybe its the idiot windows admins alloowing those nasty break ins that are at fault and not windows developers for skipping out on the coding for jack asses class.
    I tell you what... name me a single (that means one) vulnerability in the Windows 2000 operating system that was a true vulnerability... where the system security policy was violated. Name just one.

    If you can't name one we have nothing further to discuss.
    If you post bad examples where the exploit occurred within the bounds of a lax security policy I will take that to mean that you have no clue what vulnerabilities are, how they are classified, and what exactly a security policy is.

    If you would like me to provide you acedemic papers on this topic I would be more than happy to do so. If you wish to rely on simple numbers of compromised systems (that not only fail to reveal any useful information, but the numbers themselves are suspect as well), more power to ya, just please don't waste any more of my time.

    cheers,

    catch

  6. #26
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by Tiger Shark
    You haven't seen anything yet son......

    It's nothing to do with ego.... It's all about knowing my limits.... I know them... Do you know yours?

    You need to learn what "computer security" is.... Because all you seem to be here for is to maintain that you OS is better then mine... and that's naive!

    Now, trot along and do your homework.... With luck you will get into college....
    Normally this wouldn't warrent a reply, but considering that is my cousin...

    First off, I've known him all his life, he's never said "My OS is better than yours" so saying he's only here to say something he's never said even 1 time and then calling it naive.... Wouldn't that make YOU naive, considering he hasn't said a word about any Os being better than another? Or were you assuming that because his name says Mandrake and Tux? For all you know he wears flashy clothing and likes screaming plants. (and don't think that's a drug reference either, he hasn't ever touched any of THOSE plants either)... And , it must be said, you did pretty much scoff at him with a buzz off you little twerp attitude.



    Catch:

    He was 10 when Windows 2000 came out. But anyway, I haven't read everything you've posted but it sounds like what you're asking could be done on a Unix system, but it wouldn't be with a mouse unless you had GNOME or something loaded.

    They added something to Gnome similar to the Windows NT box that lets you change permissions from the window. Probably not what you're looking for though.

  7. #27
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Gore... trust me on this... can't be done within the traditional UNIX security policy. Clearly some random exotic third party tool might offer such controls... though who knows what level of assurance they will have.

    The Windows security model is more expressive than the UNIX model is... this isn't an opinion it is mathematical fact.

    cheers,

    catch

  8. #28
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Gore:

    I initially typed "childish" which I replaced with "naive" because of:-

    you come off as being someone who believees that just because your older than sand and know how to be a windows admin and because youv been in the service that that somhow makes you a man.
    I should have left the "childish".....

    He started with my age.... he moved to windows.... he went on to my service and he ended up with my masculinity... all on the same sentence.....

    He doesn't deserve any quarter from me..... he's being a dick... I'll treat him like one.... When he grows up I'll treat him like an adult..... Until then he will remain..... "Son"....

    Quit trying to protect him and teach him how to be an adult...... He clearly needs the assistance....

    G'night.... I still have things to do....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #29
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    He's a dick sometimes I know that, but he's 16 and needs a mixture of his ass kicked and his attitude changed and protected. He wants to join the Marines to help his being an ******* out, but what he MEANt by you being a Windows user wasn't "You use Windows" it was more like .... It seemed to have come off that the way you were whacking KK on the ass seemed like you were doing it because you use Windows and think it's better, and well, I know Catch can say that because he's a Unix guy who switched, but I know you haven't used Unix. So it makes it seem like you're knocking it without trying it. Man, tired, reword this later.

  10. #30
    Banned
    Join Date
    May 2003
    Posts
    1,004
    I know Catch can say that because he's a Unix guy who switched,
    I just had a conversation in PM with another user about this... they asked my favorite operating systems... and I replied:

    "For research and software development or large data processing systems UNIX can't be beat. I prefer AIX for large data processing systems and Solaris or IRIX as a workstation... SUSE isn't bad either.

    For graphical development/editing systems... MacOS and IRIX again get my vote.
    "

    People just accuse me of being anti-UNIX because I have a realistic idea about its security architecture.

    And gore... at 16, your cousin needs to learn to shut his mouth and open his mind. I think we can all agree how clueless we were at 16.

    cheers,

    catch

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •