Rathole?

-- 
Thomas Roessler <[EMAIL PROTECTED]>

On 2007-03-20 21:00:00 -0400, Derek Martin wrote:
> From: Derek Martin <[EMAIL PROTECTED]>
> To: Mutt Developers <[email protected]>
> Date: Tue, 20 Mar 2007 21:00:00 -0400
> Subject: Re: [PATCH] Remove absolute paths from gpg.rc
> Reply-To: [email protected]
> X-Spam-Level:
> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5
>
> On Tue, Mar 20, 2007 at 07:28:36AM +0000, Dave wrote:
> > Look, if the user doesn't care, that's his own choice. We're
> > programmers, not policemen. If you want to force the user to follow
> > your rules because you think you have the right to not trust a user
> > with his own system, get Palladium, or whatever MS renamed it to.
> > You're setting a dangerous precedent by assuming that your users are
> > stupid.
>
> This is complete and utter nonsense.
>
> I'm guessing you're like a 2nd or 3rd year college student, idealistic
> and optimistic about future possibilities, excited about a career
> working with Unix. And naive as all hell. Programmers didn't need to
> be policemen in 1968 when Dennis Ritchie and Ken Thompson were working
> on Unix... there were about 3 people using it back then. Today things
> are different; programmers ARE and MUST BE policemen, because the vast
> majority of users don't know any better. Everything you've said in
> this message has proven beyond a shadow of a doubt that you are one of
> them.
>
> > Your logic here is screwy, because we _must_ assume that the user
> > has enough of a clue to care about whatever he wants to care about.
>
> Wrong again. We must care about security, because USERS WANT US TO.
> They want security, but they don't want to have to learn about it.
> Users made it our job.
>
> > > If only the user were affected, that would be one thing.
> >
> > If your security is compromised by the actions of another user on his own
> > system, then your security model is screwed up.
>
> Here's where you proved beyond a shadow of a doubt that you don't know
> anything at all about what security is, or how it works.
>
> > 10. Distrust the unknown. Anything provided by users or from outside
> > of the program is suspect.
> >
> > His error is that he neglects to draw the distinction between user input and
> > "outside" input.
>
> You have the audacity to cite "errors" in the advice of one of the
> most renowned and respected computer security experts in the business.
> Unbelievable!
>
> > If I'm the owner, my trust is the only thing that matters in my system.
>
> And who will you blame if your system gets compromised? The
> programmers...
>
> The rest of what you wrote is simply too naive and in some cases
> asinine to respond to. Blind adherence to any philosophy or dogma is
> folly, and your blind adherence to the Unix philosophy is your folly.
> No philosophy is always right. Your ravings about manipulating $PATH
> being incompatible with Unix are absurd in the extreme; this is an
> established best practice for security-sensitive *UNIX* software for
> more than a decade. Your blessed qmail uses it (it inserts its
> installation directory first into the PATH, to ensure that any
> programs it calls are the right ones), as does any sane
> security-sensitive application.
>
>   "The first fact to face is that UNIX was not developed with
>   security, in any realistic sense, in mind; this fact alone
>   guarantees a vast number of holes."
>
>   --Dennis Ritchie, designer of Unix and creator of the Unix
>   Philosophy
>
> http://scholar.google.com/scholar?hl=en&lr=&q=cache:8DMaAOIZSQkJ:secur.ibelgique.com/unix/ritchie.ps+
>
> -- 
> Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address. Replying to it will result in
> undeliverable mail. Sorry for the inconvenience. Thank the spammers.
>
