On Friday 18 November 2005 21:54, Les Mikesell wrote:
> The black hat activities can only exploit existing bugs and adding new code that no one understands may not be the way to reduce bugs.
No, it may not be a reduction in the net number of bugs. I'll not argue that point. I will say that I do think the base premise of one superuser is a Wrong Thing, and I think properly implemented roles and mandatory access controls are the right direction for adding yet another layer.
If I have a flat tire, and have five patches to fix the tire, but each patch has a hole in it, the likelihood is that if I apply all five patches the holes won't line up and I can make it home on the tire. Yes, it is possible that all five holes will line up; but it is less likely than with one patch on the tire. And all the patches have holes; there is always one more bug in every program, regardless of age and experience.
> If you are starting from scratch building a new service you can do that. If you've inherited 30 years' worth of existing stuff that relies on permissions being what the filesystem says they are, then you are going to be spending an enormous amount of time trying to fix something that wasn't broken.
And this is the sort of thing the Fedora and Red Hat developers are doing now. This is why RHEL has a targeted and not a blanket enforcing policy. No, it is not perfect. Neither are the other security features in recent Red Hat releases, some of which interacted badly with some programs I use daily (CrossOver Office, for one, didn't like execshield, but it was Wine that was broken, not execshield).
> It's no fun arguing with someone who is being reasonable...
Judging from some others' replies, not all share your opinion; that's ok. I try to be reasonable, but I also tend to expect others to be reasonable, and tend to get nervy with those who are unreasonable. And I am not always successful at being reasonable (just ask my kids). :-)
> But compare this to a few years back when distributions added ssh because of its security advantages over telnet - and in doing so introduced the means that many systems, including some of mine, were exploited using bugs in the new code. Following someone else's advice about best practices doesn't always make your system more secure, even when the theory sounds right.
In theory, there is no difference between theory and practice. In practice, there is.
I wasn't impacted by the ssh holes, since I had two more layers above that preventing any ssh sessions from untrusted IPs. Of course, I patched when the patches came out, because I know that no firewall is perfect. But the holes don't usually line up.
Layers, layers, layers. Winter is coming upon us, and the advice is always to dress in layers. Sound advice, both for clothing and for security. The Internet Blizzard of malware is upon us; weather the storm with layers. Yeah, that woolen union suit might itch, but it sure is warm.