On Wed, 25 Jul 2007, William L. Anderson wrote: > I am flabbergasted. When I first encountered Unix in 1983 I was taught > that you always run as an ordinary user, and only use admin (root) > privileges when needed. If OS X developers are running as admin, and > building and testing their products as admin, well ... I'm still in > shock. And I weep for the species.
Unfortunately, there's not much of a surprise here. The same problem exists for lots of Windows-based applications. I regard it as a leftover from the fact that these OSes were not designed to be multi-user, but the threat landscape has changed such that multiple users (or at least multiple roles for the same user?) are necessary. This will take a bit of time before it registers with the everyday computer user or developer of these mono-user systems. - Steve _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
