Reducing browser privileges!

I think this reading is really cool! I thought to share it with you! :)

Quote:

---

Security companies and researchers have made careers out of identifying the latest bugs in Internet Explorer. While Microsoft has been relatively idle, the developers of Firefox have continued to add functionality and provide what was perceived to be more secure code. The story doesn't end there, though. The past six months have seen major vulnerabilities in Firefox too, and its adoption has slowed. Some people are beginning to question the wisdom in switching to another browser that is possibly just as insecure as IE.

Meanwhile a simple yet little-known approach exists for users to avoid many of these vulnerabilities in any web browser. It is a novel tool called "Drop My Rights," created by Microsoft's Michael Howard. While it was released last year and is very simple to use, it has not gained popularity despite all the vulnerabilities found in IE, Firefox, and various email applications. Therefore it's important to understand why such a tool is needed before looking at the tool itself. We'll test it in a virtual machine environment against various websites known to install spyware or viruses and look at the results.

Full-length Article

---

Hmmm, this keeps cropping up. :wink:

No worries. And my point still stands, relatively unchallenged (and unanswered.) Is it better security practice / principal to:
[list=1][*]endorse and recommend a product to lower (drop) the rights of an application so that, if the application is compromised, the users Admin/root/priviledged credentials are less likely to be subverted?
[*]endorse that we all stop using accounts with elevated priviledges for common use of non-administrative or priviledged functions, thus negating a large portion of the risk from this hypothetical compromise?[/list=1]

Discuss amongst yourselves while I take a brief reprise.

Well... lemme play devil's advocate here... IE has always had this ability through the use of group policies (on applicable Windows versions.) In fact, the group policy approach is better than just strait privledge modification due to the fact that it is a bit more granular.


You have always had the privledge lowering option through "Run As" no matter what browser you ran.


Why are you using the administrator account anyway?

To expand upon d0pp's points--

If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.

There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.

An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.

However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.

Quote:

---

Originally posted here by KublaiKhan
There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.

---

It's the software's fault NOT window's...

KublaiKhan... for this point forward I forbid you from discussing computer security issues. To say you have flawed assumptions is like saying the Pacific Ocean is moist.

Seriously though... no more security answers until you ask and have answered a lot more security questions.

Quote:

---

If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.

---

I think you'll be hard pressed to find anyone on the planet that thinks the idea of a superuser account is a good one. This is perhaps the most frequently discussed weakness of the traditional UNIX system.
The Windows method of account structures makes far, far more sense. Accounts have no power that isn't controlled by the security policy. As opposed to normal users who all have the same privilieges and then a superuser account that doesn't even use permissions.

Quote:

---

There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.

---

No, they are the same reasons why so many new UNIX/Linux users spend all day as root. Because they are lazy... they don't like the occasional hassle of errors while installing new applications and since this happens frequently while first using a system (codecs, browser extensions, etc) they make a habit of it. I can't think of a time I've ever had an application break when run as a normal user saving for of course applications that do things normal users ought'nt be doing.

Quote:

---

An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.

---

This is pretty much how all the Windows 2000 systems at companies I've been employed for work (My home systems as well) and this is directly related to one of my "My Problem with Linux Questions" posts.

Quote:

---

However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.

---

The simplest way to do this is to create a shortcut for the application that you want to run as a different user and on the properties of the shortcut click the "Run as" check box. Not complicated... naturally you can do more advanced things like alter the permissions on the original application file to prevent users from ever launching it under their credentials.

cheers,

catch

Quote:

---

Why are you using the administrator account anyway?

---

Are you asking us or are you asking those people out there
in the real world? Here in the (somewhat) rarified atmosphere
of (ahem) educated users, yeah, anyone surfing as admin should
be slapped. I admit, when I first installed Linux, I spent some time as
root before disciplining myself, but most newbies do that for a while.

The problem is that Microsoft Windows has evolved from being a single
user OS into what it is today, while users haven't even been informed
that there is such a thing as a user account. They surf as admin
because that's what they did on Win98.

Try telling your G/F B/F husband wife or mom that they should create a user account.
What's that blank stare? Is she daydreaming? People need to be educated about this.
A lot of it is laziness. Hell, I'm lazy. I gotta have a reason to change my habits.
Knowledge doesn't come to me in my sleep. People go out and buy new PCs
and send Johnny or Suzy off to school where they can hook up to those
fast college networks. They magically know how to download and
install a P2P app, but, create a user account? That's an alien concept.

When is M'soft going to include a nice video intro to this concept? Say, on first boot
Ballmer appears on screen to walk you through it, instead a lot of fluff about
what a nice "experience" you're gonna have with Windows.
:cool:

Quote:

---

When is M'soft going to include a nice video intro to this concept? Say, on first boot
Ballmer appears on screen to walk you through it, instead a lot of fluff about
what a nice "experience" you're gonna have with Windows.

---

Actually WinXP Home has already stepped in this direction. It asks for a password for the Administrator but then it asks you to set up the users. Upon login it doesn't show the user the Administrator option - you have to go to safe mode for that. XP Pro is assumed that the user is either savvy enough to know about the dangers of Admin or that a tech person is setting the box up for a regular user.

So it's not all bad news.

Quote:

---

Originally posted here by SirDice
It's the software's fault NOT window's...

---

It's both, really. Yes, the software manufacturer ought to write it so that the software does not *need* to be run from an admin account.

However, I hardly think that Microsoft is entirely innocent from blame--there is entirely too much in the way of badly-written software out there. I've a sneaking suspicion it could be on account of a certain closed-mouthedness on Microsoft's account as to how to perform certain essential functions as a regular user, rather than the assumed single-user model that's been 'good enough' since Ye Olde Arcane Dayes of MS-DOS [ may it rest in pieces ].

Quote:

---

KublaiKhan... for this point forward I forbid you from discussing computer security issues. To say you have flawed assumptions is like saying the Pacific Ocean is moist.

Seriously though... no more security answers until you ask and have answered a lot more security questions.

---

I'll excuse you for not knowing who I am. Ask some of the older people. They'll vouch for my credentials.

Quote:

---

quote:
If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.

I think you'll be hard pressed to find anyone on the planet that thinks the idea of a superuser account is a good one. This is perhaps the most frequently discussed weakness of the traditional UNIX system.
The Windows method of account structures makes far, far more sense. Accounts have no power that isn't controlled by the security policy. As opposed to normal users who all have the same privilieges and then a superuser account that doesn't even use permissions.

---

In my experience, with a properly crafted set of user groups, and judicious application of chgrp, chown, and a proper understanding of how exactly unix file permissions work, the end result is far more secure than Windows ever could be.

And if a "Superuser" account is such a bad idea, whyfore does Windows have "Administrator"? That's just a misspelling of "root". *wink*

All jocularity aside, a security policy ought to be something developed for each specific case--not a fiat handed down from your software manufacturer.

Quote:

---

quote:
There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.

No, they are the same reasons why so many new UNIX/Linux users spend all day as root. Because they are lazy... they don't like the occasional hassle of errors while installing new applications and since this happens frequently while first using a system (codecs, browser extensions, etc) they make a habit of it. I can't think of a time I've ever had an application break when run as a normal user saving for of course applications that do things normal users ought'nt be doing.

---

I myself have spent a grand total of....let's see. Maybe six hours total in the root account, over my various years of using 'nix based systems.

What I was referring to was admittedly a slightly-out-of-date copy of StarOffice which would throw up an error and die in a normal user account, but would run normally with admin privleges. Puzzled me slightly for a while as to why it didn't work.

However, if you're pointing the finger at laziness and user-error, might I point out to you the vast majority of end-users who display those symptoms regularly on *all* platforms? I admit, Microsoft does seem to give a sort of half-effort towards setting things up to prevent the effects of user laziness--but it's still no substitute for a properly-administrated box.

Quote:

---

quote:
An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.

This is pretty much how all the Windows 2000 systems at companies I've been employed for work (My home systems as well) and this is directly related to one of my "My Problem with Linux Questions" posts.

---

Great. Good for you. You've got a clue; have a cookie.

This still does not change the fact that there are a great deal of other companies, and thousands more users out there, that do not take these precautions.

Quote:

---

quote:
However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.

The simplest way to do this is to create a shortcut for the application that you want to run as a different user and on the properties of the shortcut click the "Run as" check box. Not complicated... naturally you can do more advanced things like alter the permissions on the original application file to prevent users from ever launching it under their credentials.

cheers,

catch

---

That still doesn't address my fundamental point--I want to be able to have multiple accounts running simultaneously. Windows does not allow me to do this.

And I'll only be cheerful after I've had my coffee.

Quote:

---

I'll excuse you for not knowing who I am. Ask some of the older people.

---

Dad?????

Quote:

---

Originally posted here by Tiger Shark
Dad?????

---

HAH!

*snickers*

No, don't know you; you came after my time. Unless I have some bastard children I don't know about.

Negative, MsMittens, hogfly, and some of the others of that time period would know who I am.

'decided to come back in after a bit of an absence to see what's been going on and make a few contributions. Perhaps some really bad jokes, as well.

Quote:

---

Unless I have some bastard children I don't know about.

---

It's quite possible that that statement could be reversed..... ;)

So, your acheivments here were? A quick glimpse at your "most recent" posts seem to imply that you were more heavily involved in the general chit chat more than the security related forums... But I can't be bothered to look any deeper....

I have always been bothered by people who ask "You don't know who I am, do you?" as if you are the Queen of England..... I usually find that there is a reason for my not knowing.... ;)

Most of my contributions were via the old #antionline IRC channel. I never really got involved with the site itself.

And yeah, you wouldn't really know who I was as I'd more or less stopped what little posting on the site I'd done by the time you showed up, really.

IRC's more my style, anyway.

Quote:

---

I'll excuse you for not knowing who I am. Ask some of the older people. They'll vouch for my credentials.

---

Your comments speak more of your credentials than your old time cronies ever could.

Quote:

---

In my experience, with a properly crafted set of user groups, and judicious application of chgrp, chown, and a proper understanding of how exactly unix file permissions work, the end result is far more secure than Windows ever could be.

---

This indicates a clear ignorance on your part of the windows access control system. It is far more expressive than the UNIX system.
UNIX has two major flaws with its DAC system, first the lack of granularity. Simple RWX permission bits? That can be defined to no more than a single user (who must be the own) and a single group? And what about privilege granularity? There is none! Users all have the same privileges and root can do everything. The second major flaw is the fact that the UNIX security policy is not comprehensive. Root undergoes no privilege or permission checks.

Quote:

---

And if a "Superuser" account is such a bad idea, whyfore does Windows have "Administrator"? That's just a misspelling of "root". *wink*

---

Again this shows a simple ignorance of Windows security... neither the Administrator or the SYSTEM accounts are comparable to the root account. All of the Windows accounts privileges and permissions are controlled by the security policy. Root is not addressed by the security policy at all. If I set a file to deny access (ah the deny functionality another beauty of windows) or if I just don't explicitly allow access to the Admin account, the admin cannot access the file. The admin can take ownership of the file and modify the permissions... IF the security policy allows that privilege. Typically it is better to create an SSO account that has things like take ownership to improve administrative granularity.

Now you see why I had to forbid you from discussing computer security, until you are better educated. It is for your own good really.

Quote:

---

This still does not change the fact that there are a great deal of other companies, and thousands more users out there, that do not take these precautions.

---

Their laziness does not reflect back to the vendor if other companies are acting in an appropriate manner.

Quote:

---

That still doesn't address my fundamental point--I want to be able to have multiple accounts running simultaneously. Windows does not allow me to do this.

---

Um... if your running applications under different credentials how is this different than having multiple accounts running simultaneously? There is no need to run a full local environment as multiple users.

Quote:

---

I have always been bothered by people who ask "You don't know who I am, do you?" as if you are the Queen of England..... I usually find that there is a reason for my not knowing....

---

Pretty much. If the person is so unimpressive that they feel compelled to add value to themselves by the notion that you, yet shouldn't be ignorant of who they are... well it's kind of sad.

cheers,

catch

Someone seems to have gotten up on the wrong side o' th' bed this mornin'

Well, let's see if there's anything in there worth replying to.

Quote:

---

Your comments speak more of your credentials than your old time cronies ever could.

---

Respect for your elders, lad.

Quote:

---

This indicates a clear ignorance on your part of the windows access control system. It is far more expressive than the UNIX system.
UNIX has two major flaws with its DAC system, first the lack of granularity. Simple RWX permission bits? That can be defined to no more than a single user (who must be the own) and a single group? And what about privilege granularity? There is none! Users all have the same privileges and root can do everything. The second major flaw is the fact that the UNIX security policy is not comprehensive. Root undergoes no privilege or permission checks.

---

Users can belong to multiple groups, so I see no difficulty here. And I've been trying to figure out what you mean by all users having the same priveleges [ save root ].

Mostly I think that your attitudes are based on a lack of understanding of how 'nix-based systems work. It's a bit of a paradigm shift from the windows world, and can be confusing at first, I suppose.

Also, be advised that those members of the 'wheel' group traditionally have root-like powers, but without quite the same level of privelege.

Your vaunted granularity is really taken care of perfectly adequately by properly set-up groups. It's not the same way that microsoft seems to want to do its thing, but it's worked perfectly well so far on the vast majority of computer systems I've seen, and on the vast majority of networked servers.

And yes, root gets around all the file restrictions, et al. That's kind of its job.

Quote:

---

Their laziness does not reflect back to the vendor if other companies are acting in an appropriate manner.

---

....except when people look at the statistics of what sorts of systems have been compromised, and note that one particular system seems to be especially disproportionatally prone.

Quote:

---

Um... if your running applications under different credentials how is this different than having multiple accounts running simultaneously? There is no need to run a full local environment as multiple users.

---

Because some of us like having multiple people working on a machine. Saves overhead.

Catch, lad, you really should realize one thing--your way is not necessarily the *only* way. There are other, perfectly viable means of doing things, and diversity ought to be encouraged. Systems of any sort--whether biological, industrial [ car manufacturers, gasoline production ], technological [ computer manufacturers, software designers ] only truly flourish and advance when there is sufficient competition.

Quote:

---

Users can belong to multiple groups, so I see no difficulty here.

---

Users can belong to multiple groups... are you familiar with the Harrison, Ruzzo, Ullman conclusions regarding DAC systems from 1976? If so... are the problems they discussed aided or worsened by many overlapping groups?

Example: (this is taken from a real world system)
Four subjects (s1, ... s4)
Four objects (o1, ... o4)

each object is owned by its related subject (s1 owns o1, etc)

share o1 with s2(r) & s3(wx) +s1(rwx)
share o2 with s1(w) & s4(r) +s2(rwx)
share o3 with s2(rwx) +s3(rwx)
share o2 with s1(rw) & s3(wx) +s4(rwx)

What groups do we need?
Now lets imagine thousands of users and files. Whee.
This isn't even dealing with more complex permissions like I address later.

Quote:

---

And I've been trying to figure out what you mean by all users having the same priveleges [ save root ].

---

Users don't have privileges defined... only permissions... so naturally they all have the same permissions. Coming from a UNIX background you don't understand the difference between the two... because again privileges are never defined in UNIX. (as they are in nearly every other system security policy type)

Quote:

---

Mostly I think that your attitudes are based on a lack of understanding of how 'nix-based systems work. It's a bit of a paradigm shift from the windows world, and can be confusing at first, I suppose.

---

Actually myself having originated from a UNIX background (IRIX, TRIX, and HP-UX) I would say that the Windows model is more complex since the Windows security policy is essentially a superset of the UNIX one. Going from Windows to UNIX should be quite simple... though frustrating.

Quote:

---

Your vaunted granularity is really taken care of perfectly adequately by properly set-up groups.

---

Really? So how will groups help you set up directory that allows a user to delete files, but not subdirectories while allowing the user to create subdirectories (with a predefined set of rights different than the original directory) but not new files and disallows the user to execute files or traverse the directory and allowing them to read file attributes but not read file security settings?

Quote:

---

And yes, root gets around all the file restrictions, et al. That's kind of its job.

---

Exactly, it's root's job to exist as a violation to the system's security policy... the technical definition of this is "A vulnerability." A vulnerability put in place to facilitate lazy administration.

Quote:

---

....except when people look at the statistics of what sorts of systems have been compromised, and note that one particular system seems to be especially disproportionatally prone.

---

Last I checked the statistics of such things were appropriately proportional to scope of their use... also let us not forget UNIX's terrible audit trails.
Thinking that the number of compromised systems reflects on a system's capabilities is very simple-minded.

Quote:

---

Because some of us like having multiple people working on a machine. Saves overhead.

---

Unless you wish to take a step backward 20 years to mainframes... by my calculations users sharing a system results in more machines... at least two... one for each user to actually be physically connected to and then one is shared... or three where two terminals share a single computer.
Which, by the way is very doable with Windows... how do you think those Windows web hosting systems work? Many clients connect to a single server or server cluster... this can be done via a remote terminal like telnet. Users can manage their files and share computing resources.

Quote:

---

Catch, lad, you really should realize one thing--your way is not necessarily the *only* way. There are other, perfectly viable means of doing things, and diversity ought to be encouraged. Systems of any sort--whether biological, industrial [ car manufacturers, gasoline production ], technological [ computer manufacturers, software designers ] only truly flourish and advance when there is sufficient competition.

---

Not when people cling to a system proven to be flawed nearly 30 years ago because it is what they know. Then these same people get ego issues and don't want to admit that it is flawed because that would mean that their efforts and expertise is for naught.

cheers,

catch

Quote:

---

Catch, lad

---

:eek:

Kublai:

Now you have made a couple of mistakes.... You have assumed that because you were here before me you are therefore "superior".... Then you chose to argue with Catch.... Been there... Done that.... My ******* has healed... :D

Son.... You do not impress me.... Tell me something I don't know that I am interested in and that might change.... Your 100+ posts don't really make you godlike in my mind.....

Quote:

---

Originally posted here by Tiger Shark
:eek:

Kublai:

Now you have made a couple of mistakes.... You have assumed that because you were here before me you are therefore "superior".... Then you chose to argue with Catch.... Been there... Done that.... My ******* has healed... :D

Son.... You do not impress me.... Tell me something I don't know that I am interested in and that might change.... Your 100+ posts don't really make you godlike in my mind.....

---

Never said I was superior...just pointing out that I'm not as clueless as some people seem to think. And I'm wearing my iron underpants, so as not to 'catch' anything unfortunate. I admit it was a wee bit of a mistake to attempt to reason with someone who cannot be reasoned with...ought to have done my research a bit better beforehand. *wink*

Ah, well. I didn't notice until just now that this is the 'Microsoft Security Discussions' forum...so of course much of my advice won't be welcome. Mea culpa, mea culpa, mea maxima culpa. One ought not debate with a fanatic on their own territory.

Catch, you've made your point--you're rabidly anti-unix, though for what reason I still cannot fathom. If you wish to seek me out and explain, you're free to do so, though it's easier to find me on IRC than anywhere web-wise. Server's in the PM I sent you before.

Ciao, folks.

I am not anti-UNIX... I am just realisitic about sperating system not sure how many times I can say this. Hell I don't even like Windows that much... it is just best for the majority of my uses.

However the traditional UNIX security policy as anemic and the superuser account is a huge weakness. Even the most harded UNIX diehards understand these points.

If you think I am incorrect please find one thing wrong with what I have said.

I can easily be reasoned with, but you have shown me nothing new. I've had conversations about UNIX security more times than I can count... other users at least try to muddy the waters with ISO-15408 references or discussion of CAF, MLS, or SE extensions.

cheers,

catch

Quote:

---

I am not anti-UNIX

---

Snicker.
:cool:

Quote:

---

Originally posted here by Tiger Shark
Dad?????

---

no he is a human being. but maybe he could looklike a goat if you got drunk.

on topic

su nobody

./firefox

Quote:

---

Originally posted here by catch
[B]Really? So how will groups help you set up directory that allows a user to delete files, but not subdirectories while allowing the user to create subdirectories (with a predefined set of rights different than the original directory) but not new files and disallows the user to execute files or traverse the directory and allowing them to read file attributes but not read file security settings?


Exactly, it's root's job to exist as a violation to the system's security policy... the technical definition of this is "A vulnerability." A vulnerability put in place to facilitate lazy administration.


Last I checked the statistics of such things were appropriately proportional to scope of their use... also let us not forget UNIX's terrible audit trails.
Thinking that the number of compromised systems reflects on a system's capabilities is very simple-minded.

[B]

---

i have a folder on a system where users exist, can't delete other sub dirs but can use their own files and create new folders. i believe its called /home

root can be knocked down enough to not have full access. though i dont see your big deal over it. root should have that access. only an idiot is going to run something as root that could potentially harm the system in the first place.

the number of compromised systems vs how secure it is.... yea that would be dumb wouldn't it, i mean security being how secure you can make something maybe its the idiot windows admins alloowing those nasty break ins that are at fault and not windows developers for skipping out on the coding for jack asses class.
maybe one day when i start doing hallucinogenics i can comprehend what the hell you are talking about and how you make it that just because 90% of one platform gets owned in a given year, and only 10% of another platform gets pwnd the one that gets bent over the most is moe secure because it COULD be.

thats like saying driving a pinto is more safe than driving a mercedes because pintos only let the ass end blow up on you if your to stupid to not dodge others on the info super highway from hitting you from the back. it just doesnt work right for me man.

and tiger shark your ego amazes me. you come off as being someone who believees that just because your older than sand and know how to be a windows admin and because youv been in the service that that somhow makes you a man.

kublai makes a post saying he doesn't agree and you laugh at the notion you could be wrong and he could be right you brain washed ninny. and then you have the nerve to say your not impressed? since when does someone have to finger your ass crack before they are allowed here?

Quote:

---

thats like saying driving a pinto is more safe than driving a mercedes because pintos only let the ass end blow up on you if your to stupid to not dodge others on the info super highway from hitting you from the back.

---

The 1974 Pinto is the canonical example I usually refer to.
Anyway, it was only vulnerable when you got hit. Remember
to turn your PC off at night, because Windows is only vulnerable
while it is running.
:cool:

Quote:

---

and tiger shark your ego amazes me.

---

You haven't seen anything yet son......

It's nothing to do with ego.... It's all about knowing my limits.... I know them... Do you know yours?

Finger your crack if it amuses you.... I stopped doing it after a while in the jungle because it began to chafe like hell.....

You need to learn what "computer security" is.... Because all you seem to be here for is to maintain that you OS is better then mine... and that's naive!

I have _never_ been impressed by anyone who says "You don't know who I am, do you?".... That is the ultimate bullshit.... Because, obviously, if I don't recognize you then you aren't what is generally accepted as "well known".... But they have an ego that makes them think I should... Dumbasses!!!! :rolleyes:

Now, trot along and do your homework.... With luck you will get into college....

Quote:

---

i have a folder on a system where users exist, can't delete other sub dirs but can use their own files and create new folders. i believe its called /home

---

And I believe that is not what I asked.

I asked "So how will groups help you set up directory that allows a user to delete files, but not subdirectories while allowing the user to create subdirectories (with a predefined set of rights different than the original directory) but not new files and disallows the user to execute files or traverse the directory and allowing them to read file attributes but not read file security settings?"

If you have difficulty grasping the difference, we shouldn't be having this conversation.

Quote:

---

root can be knocked down enough to not have full access. though i dont see your big deal over it. root should have that access. only an idiot is going to run something as root that could potentially harm the system in the first place.

---

Modifying root in such a manner is non-traditional UNIX security (I believe I mentioned the idea of muddying the waters with CAF, MLS, and SE extensions).

You don't see my problem with root?

"vulnerability
A weakness in system security procedures, system design, implementation, internal controls,
etc., that could be exploited to violate system security policy."
-NCSC-TG-004 "Glossary of Computer Security Terms" (Teal Green Book)

What would you call an account that has access to things not granted to it by the access control policy? Seems like a vulnerability to me... oddly enough the NSA agrees with this... whodathunkit?

Quote:

---

the number of compromised systems vs how secure it is.... yea that would be dumb wouldn't it, i mean security being how secure you can make something maybe its the idiot windows admins alloowing those nasty break ins that are at fault and not windows developers for skipping out on the coding for jack asses class.

---

I tell you what... name me a single (that means one) vulnerability in the Windows 2000 operating system that was a true vulnerability... where the system security policy was violated. Name just one.

If you can't name one we have nothing further to discuss.
If you post bad examples where the exploit occurred within the bounds of a lax security policy I will take that to mean that you have no clue what vulnerabilities are, how they are classified, and what exactly a security policy is.

If you would like me to provide you acedemic papers on this topic I would be more than happy to do so. If you wish to rely on simple numbers of compromised systems (that not only fail to reveal any useful information, but the numbers themselves are suspect as well), more power to ya, just please don't waste any more of my time.

cheers,

catch

Quote:

---

Originally posted here by Tiger Shark
You haven't seen anything yet son......

It's nothing to do with ego.... It's all about knowing my limits.... I know them... Do you know yours?

You need to learn what "computer security" is.... Because all you seem to be here for is to maintain that you OS is better then mine... and that's naive!

Now, trot along and do your homework.... With luck you will get into college....

---

Normally this wouldn't warrent a reply, but considering that is my cousin...

First off, I've known him all his life, he's never said "My OS is better than yours" so saying he's only here to say something he's never said even 1 time and then calling it naive.... Wouldn't that make YOU naive, considering he hasn't said a word about any Os being better than another? Or were you assuming that because his name says Mandrake and Tux? For all you know he wears flashy clothing and likes screaming plants. (and don't think that's a drug reference either, he hasn't ever touched any of THOSE plants either)... And , it must be said, you did pretty much scoff at him with a buzz off you little twerp attitude.



Catch:

He was 10 when Windows 2000 came out. But anyway, I haven't read everything you've posted but it sounds like what you're asking could be done on a Unix system, but it wouldn't be with a mouse unless you had GNOME or something loaded.

They added something to Gnome similar to the Windows NT box that lets you change permissions from the window. Probably not what you're looking for though.

Gore... trust me on this... can't be done within the traditional UNIX security policy. Clearly some random exotic third party tool might offer such controls... though who knows what level of assurance they will have.

The Windows security model is more expressive than the UNIX model is... this isn't an opinion it is mathematical fact. :)

cheers,

catch

Gore:

I initially typed "childish" which I replaced with "naive" because of:-

Quote:

---

you come off as being someone who believees that just because your older than sand and know how to be a windows admin and because youv been in the service that that somhow makes you a man.

---

I should have left the "childish".....

He started with my age.... he moved to windows.... he went on to my service and he ended up with my masculinity... all on the same sentence.....

He doesn't deserve any quarter from me..... he's being a dick... I'll treat him like one.... When he grows up I'll treat him like an adult..... Until then he will remain..... "Son"....

Quit trying to protect him and teach him how to be an adult...... He clearly needs the assistance....

G'night.... I still have things to do....

He's a dick sometimes I know that, but he's 16 and needs a mixture of his ass kicked and his attitude changed and protected. He wants to join the Marines to help his being an ******* out, but what he MEANt by you being a Windows user wasn't "You use Windows" it was more like .... It seemed to have come off that the way you were whacking KK on the ass seemed like you were doing it because you use Windows and think it's better, and well, I know Catch can say that because he's a Unix guy who switched, but I know you haven't used Unix. So it makes it seem like you're knocking it without trying it. Man, tired, reword this later.

Quote:

---

I know Catch can say that because he's a Unix guy who switched,

---

I just had a conversation in PM with another user about this... they asked my favorite operating systems... and I replied:

"For research and software development or large data processing systems UNIX can't be beat. I prefer AIX for large data processing systems and Solaris or IRIX as a workstation... SUSE isn't bad either.

For graphical development/editing systems... MacOS and IRIX again get my vote."

People just accuse me of being anti-UNIX because I have a realistic idea about its security architecture.

And gore... at 16, your cousin needs to learn to shut his mouth and open his mind. I think we can all agree how clueless we were at 16. ;)

cheers,

catch

Quote:

---

What would you call an account that has access to things not granted to it by the access control policy?

---

I would call that a contradiction in terms, and a straw man.
On my own PC, I write the goddamn access control
policy, and I am root. You got a problem with that?
No? Then STFU.
:cool:

You write the use policy, the developers write the system policy. You merely configure the system policy to ideally be in line with the use policy.

At the end of the day you have a policy of access controls... and then an account that completely voids that policy. Not sure why you have difficulty in grasping that fact... but then you have a problem grasping many facts...

cheers,

catch

What penance must I do, oh great one?
:cool:

Every morning look into the mirror and repeat:

Reference monitors are good enough,
Reference monitors are smart enough,
Doggone it people like reference monitors.

twenty times or so until you really believe it. ;)

cheers,

catch

Quote:

---

Originally posted here by catch
SUSE isn't bad either.

And gore... at 16, your cousin needs to learn to shut his mouth and open his mind. I think we can all agree how clueless we were at 16. ;)

---

Heheheheheheheheheheheh say it more often catch :)

And yea, he's 16 and in high school so he's learning from me he isn't right all the time, and I make sure and tell him his freinds are idiots weekly.

Quote:

---

As opposed to normal users who all have the same privilieges and then a superuser account that doesn't even use permissions.

---

Quote:

---

Root undergoes no privilege or permission checks.

---

Super user does use permissions but then will allow override if directly specified... had plenty of moments like these editing the hosts file...

Quote:

---

I asked "So how will groups help you set up directory that allows a user to delete files, but not subdirectories while allowing the user to create subdirectories (with a predefined set of rights different than the original directory) but not new files and disallows the user to execute files or traverse the directory and allowing them to read file attributes but not read file security settings?"

---

Very interesting example... Is this a real world example?

Quote:

---

Super user does use permissions but then will allow override if directly specified

---

Not true... it does not do a permission check... observe:

Code:

---

[root@luna doc_root]# uname -a
Linux luna.xxxxxx.xxx 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknown

[root@luna doc_root]# ls -l test
-rwx------    1 apache  apache          2 Dec  4 10:54 test

[root@luna doc_root]# vi test
*** change the contents of test from "1234" to "23456" ***
*** No errors or warnings are issued ***

[root@luna doc_root]# ls -l test
-rwx------    1 apache  apache          3 Dec  4 10:57 test

---

Root is able to alter files which it has no specified rights to, since UNIX uses a default deny model... clearly no check has been done.

Quote:

---

Is this a real world example?

---

Yes, one of the operators at more former employer had rights like this... useful for deleting files that other users were not allowed to delete regarding various aspects of application development, etc (when they deleted these files they went to this directory) the operator would create new subdirs for different projects or points of deletion.

cheers,

catch

bumped