On Fri 04 Oct 2019 at 11:36:02 +0200, to...@tuxteam.de wrote:

> On Fri, Oct 04, 2019 at 10:11:52AM +0100, Brian wrote:
>
> [...]
>
> > > Yes, "our" security story is way better than theirs [...]
>
> [edit: I forgot to put "theirs" in quotes]
>
> > A single reliable, well-documented and repeatable example of a problem
> > caused by pressing enter or clicking on a mail would go a long way to
> > wipe the smile off my face.
>
> That's not my goal, anyway. Smiles are like sunshine, so why would
> I want to wipe them? :)
>
> But still: every "code execution" escape in your MUA paired with a
> privilege escalation (or some social-engineering equivalent like
> "click here to install shiny package") is an example. And "we" have
> had bunches of those.

That's *after* the mail is opened.

> > User files are not necessary for the health of the system.
>
> But they're those which really count: after all, I can reproduce
> the system easily.

The integrity of a user's files is underpinned by the integrity of the
system. What price a user's files when the system knocks a few 0s and 1s
off them at random times? Replacing one defective system with another
equally defective one leaves those files in the same precarious situation.

> Of course, smart users compartmentalize the risk: as an example,
> my tax declaration is done under a different user (for one, it's
> somewhat sensitive data, for the other, my tax overlords force
> me to use a browser with all gates open, which I consider as
> inherently insecure, so I prefer to keep things separate. And
> this separation is helped [1] by the system's integrity.

I'd see it in stronger terms than "helped". Otherwise, you are just
exchanging one risk for another if the separation is not enforced.

-- 
Brian.