Re: risks of using net apps as a user in wheel or adm?

2007-11-04 Thread Andrew Sackville-West
On Sun, Nov 04, 2007 at 07:23:47PM +, Joe wrote:

...
>
> It was to do with the original point, active client-side content of web 
> pages, really. This was the 'vast majority of downloaded software' I
> meant, 

sorry, I misunderstood that point...

> and was contrasting it with the distribution of system executables, which 
> is done relatively safely. Microsoft may not be as ethical as we would 
> like, but so far the actual distribution system has remained fairly 
> tamper-proof. Whatever malicious software ends up in the machine is exactly 
> the malicious software that Microsoft meant to distribute. And if the use 
> of apt reached Windows-like proportions, how many people would manually 
> invoke it each day? How many would scour the Internet for half an hour 
> first, looking for evidence that the pending updates were safe or
> not?

I agree with you here. In fact, we basically agree across the board
here, we just suffer from the medium's lack of nuance. ;)

> But hey, I 
> deal with my government, whose ethics are lower still.

shudder. I feel for you. at the moment, I am largely insulated from
*that* horror. 

cheers.

A
 



Re: risks of using net apps as a user in wheel or adm?

2007-11-04 Thread Joe

Andrew Sackville-West wrote:
> On Sat, Nov 03, 2007 at 10:41:35AM +, Joe wrote:
>> Andrew Sackville-West wrote:
>>> On Fri, Nov 02, 2007 at 09:29:51PM +, Joe wrote:
>>>> Microsoft Update and apt-get are probably as close as you get, and I
>>>> wouldn't bet a large amount of money that either is 100% safe. One day MU
>>>> will get hacked, and the whole world will collapse.
>>>>
>>> wow, that's quite a comparison: Microsoft Update which will secretly
>>> upgrade stuff on the system even when explicitly told not to versus
>>> apt-get which must be explicitly told what to do and then asks "are
>>> you sure?" And I won't even go into the parts where you get to look at
>>> apt code...
>>> Frankly I hope MU does get hacked (if it hasn't already) because some
>>> people need to learn some lessons, not the least of which is MS itself
>>> for releasing such tragically flawed software to begin with. Note though
>>> that I do not wish ill upon the poor users of this
>>> product... merely that the PTB's over there would get a clue (and yes
>>> I know many of them do have a clue, just not enough or the right ones).
>>
>> Ah, I wasn't comparing operational use,
>
> fair enough...
>
>> just the systems as being
>> reasonably tamper-proof methods of delivering software from the original
>> sources to the user.
>
> see, there is a significant difference here. MU allows kernel level
> software upgrades to be loaded into the system without admin
> intervention or knowledge. So it appears to me that MU is *not*
> reasonably tamper-proof and is in fact designed to be tampered with..
>
>> The vast majority of downloaded software comes from
>> unidentifiable sources via paths which are relatively easily hacked.
>
> The vast majority of whose software? All mine comes from signed
> archives with keys that I can verify.
>
>> The MU issue is simply one of monoculture, not software quality.
>
> I disagree. The whole MU issue is about fundamentally flawed ideas
> about software. The software produced from a flawed concept (that it's
> okay to have some party arbitrarily install kernel level software
> remotely without admin interaction) is flawed and not quality
> software.
>
>> If 90% of
>> the world's PCs used apt-get daily, the repercussions of malware smuggled
>> into major packages would be just as serious as an MU hack today.
>
> Yes, except again, if the apt repositories were compromised, we would
> still have the option to not bother typing apt-get upgrade (once the
> news got out, of course. Some would surely still fall...). If someone
> hacks MU, then that hack can be distributed automatically to every box
> to be automatically installed even if the admin has turned off the
> automatic install "feature".
>
> BTW, I'm not sure that we're actually arguing here. It may be that I
> just don't understand what you're saying :)



It was to do with the original point, active client-side content of web 
pages, really. This was the 'vast majority of downloaded software' I 
meant, and was contrasting it with the distribution of system 
executables, which is done relatively safely. Microsoft may not be as 
ethical as we would like, but so far the actual distribution system has 
remained fairly tamper-proof. Whatever malicious software ends up in the 
machine is exactly the malicious software that Microsoft meant to 
distribute. And if the use of apt reached Windows-like proportions, how 
many people would manually invoke it each day? How many would scour the 
Internet for half an hour first, looking for evidence that the pending 
updates were safe or not?


My point was that the mass of JS, Flash etc. which is taken as a normal 
part of web browsing, is as Doug said back in the beginning, the 
execution of someone else's programs on your computer. I'm not convinced 
it's the right way to be going, and I'd like to see the processing done 
on the server, with only the client's screen being affected by the 
result. I doubt that many Linux users would disagree, it's always been 
the Windows world that has pushed the PC as an entertainment machine, 
owned by Microsoft and the other software writers rather than the person 
who paid for it. A few more attributes of html tags would in my mind be 
preferable to requiring JS for quick entry validation, for example. I'm 
a bit uneasy that even banks seem to find JS indispensable, when for the 
kind of simple user entry processing involved, it certainly isn't.


And while I'm a user of Windows, and indeed a Microsoft Partner, it's 
purely for economic reasons. I sup with the longest spoon I can find, 
and I've yet to find a good word to say about the company itself. But 
hey, I deal with my government, whose ethics are lower still.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: risks of using net apps as a user in wheel or adm?

2007-11-03 Thread Andrew Sackville-West
On Sat, Nov 03, 2007 at 10:41:35AM +, Joe wrote:
> Andrew Sackville-West wrote:
>> On Fri, Nov 02, 2007 at 09:29:51PM +, Joe wrote:
>>> Microsoft Update and apt-get are probably as close as you get, and I 
>>> wouldn't bet a large amount of money that either is 100% safe. One day MU 
>>> will get hacked, and the whole world will collapse.
>>>
>> wow, that's quite a comparison: Microsoft Update which will secretly
>> upgrade stuff on the system even when explicitly told not to versus
>> apt-get which must be explicitly told what to do and then asks "are
>> you sure?" And I won't even go into the parts where you get to look at
>> apt code...
>> Frankly I hope MU does get hacked (if it hasn't already) because some
>> people need to learn some lessons, not the least of which is MS itself
>> for releasing such tragically flawed software to begin with. Note though 
>> that I do not wish ill upon the poor users of this
>> product... merely that the PTB's over there would get a clue (and yes
>> I know many of them do have a clue, just not enough or the right ones).
>
> Ah, I wasn't comparing operational use, 

fair enough...

> just the systems as being 
> reasonably tamper-proof methods of delivering software from the original 
> sources to the user.

see, there is a significant difference here. MU allows kernel level
software upgrades to be loaded into the system without admin
intervention or knowledge. So it appears to me that MU is *not*
reasonably tamper-proof and is in fact designed to be tampered with..

> The vast majority of downloaded software comes from 
> unidentifiable sources via paths which are relatively easily hacked.

The vast majority of whose software? All mine comes from signed
archives with keys that I can verify. 

>
> The MU issue is simply one of monoculture, not software quality.

I disagree. The whole MU issue is about fundamentally flawed ideas
 about software. The software produced from a flawed concept (that it's
 okay to have some party arbitrarily install kernel level software
 remotely without admin interaction) is flawed and not quality
 software.

> If 90% of 
> the world's PCs used apt-get daily, the repercussions of malware smuggled 
> into major packages would be just as serious as an MU hack today.

Yes, except again, if the apt repositories were compromised, we would
still have the option to not bother typing apt-get upgrade (once the
news got out, of course. Some would surely still fall...). If someone
hacks MU, then that hack can be distributed automatically to every box
to be automatically installed even if the admin has turned off the
automatic install "feature".

BTW, I'm not sure that we're actually arguing here. It may be that I
just don't understand what you're saying :)

A




Re: risks of using net apps as a user in wheel or adm?

2007-11-03 Thread Douglas A. Tutty
On Sat, Nov 03, 2007 at 10:41:35AM +, Joe wrote:
> Andrew Sackville-West wrote:
> >On Fri, Nov 02, 2007 at 09:29:51PM +, Joe wrote:
> >>Microsoft Update and apt-get are probably as close as you get, and 
> >>I wouldn't bet a large amount of money that either is 100% safe. One day 
> >>MU will get hacked, and the whole world will collapse.
> >>
> >
> >wow, that's quite a comparison: Microsoft Update which will secretly
> >upgrade stuff on the system even when explicitly told not to versus
> >apt-get which must be explicitly told what to do and then asks "are
> >you sure?" And I won't even go into the parts where you get to look at
> >apt code...
> >
> >Frankly I hope MU does get hacked (if it hasn't already) because some
> >people need to learn some lessons, not the least of which is MS itself
> >for releasing such tragically flawed software to begin with. 
> >
> >Note though that I do not wish ill upon the poor users of this
> >product... merely that the PTB's over there would get a clue (and yes
> >I know many of them do have a clue, just not enough or the right ones).
> >
> 
> Ah, I wasn't comparing operational use, just the systems as being 
> reasonably tamper-proof methods of delivering software from the original 
> sources to the user. The vast majority of downloaded software comes from 
> unidentifiable sources via paths which are relatively easily hacked.
> 
> The MU issue is simply one of monoculture, not software quality. If 90% 
> of the world's PCs used apt-get daily, the repercussions of malware 
> smuggled into major packages would be just as serious as an MU hack today.
> 

Right, but what about on a stock Debian system (no windows), using
iceweasel with javascript and flashplayer while a member of wheel, ssh,
adm, staff, and having important info and documents in one's home
directory?

Would it be better to have a separate user not a member of any special
groups (perhaps rdtutty instead of dtutty) then put a /home/rdtutty/uldl
directory owned rdtutty.dtutty and symlinked to /home/dtutty/uldl.  This
would facilitate file transfer of downloads (such as OS .iso's, pdf's,
etc)?

Would that fully protect my stuff, or is the whole box's security at
some risk having any user on a box run iceweasel, javascript, and flash?

Doug.
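
[Added example, not part of the thread: a small model of the two-account setup proposed above, showing which files code running as each account could read or write under plain POSIX owner/group/other rules. The modes, the 2770 mode on uldl and the file names are constructed assumptions; ACLs and root are not modelled.]

```python
import posixpath

R, W, X = 4, 2, 1

# Constructed sample: path -> (mode, owner, group). All values are assumptions.
TREE = {
    "/home/dtutty":            (0o755, "dtutty", "dtutty"),
    "/home/dtutty/health.txt": (0o600, "dtutty", "dtutty"),
    "/home/dtutty/notes.txt":  (0o644, "dtutty", "dtutty"),
    "/home/rdtutty":           (0o755, "rdtutty", "rdtutty"),
    "/home/rdtutty/uldl":      (0o2770, "rdtutty", "dtutty"),
    "/var/log/auth.log":       (0o640, "root", "adm"),
    "/usr/local/bin":          (0o2775, "root", "staff"),
}

# Group memberships as described in the message above.
ACCOUNTS = {
    "dtutty":  {"dtutty", "wheel", "ssh", "adm", "staff"},
    "rdtutty": {"rdtutty"},
}

def bits(path, user):
    """rwx bits POSIX grants: the first matching class (owner, group, other) decides."""
    mode, owner, group = TREE[path]
    if user == owner:
        return (mode >> 6) & 7
    if group in ACCOUNTS[user]:
        return (mode >> 3) & 7
    return mode & 7

def allowed(path, user, want):
    """True if user has `want` on path and search (x) on every listed ancestor."""
    parent = posixpath.dirname(path)
    while parent != "/":
        if parent in TREE and not (bits(parent, user) & X):
            return False
        parent = posixpath.dirname(parent)
    return (bits(path, user) & want) == want

def exposure(user):
    """Map each path to the 'r'/'w' access that code running as `user` gets."""
    return {p: "".join(c for c, b in (("r", R), ("w", W)) if allowed(p, user, b))
            for p in TREE}

if __name__ == "__main__":
    for user in ACCOUNTS:
        for path, acc in exposure(user).items():
            print(f"{user:8} {acc or '-':3} {path}")
```

In this model the unprivileged account loses the adm log access and the staff write access, but it can still read notes.txt because the home directory is 0755; a 0750 or 0700 home closes that.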





Re: risks of using net apps as a user in wheel or adm?

2007-11-03 Thread Joe

Andrew Sackville-West wrote:
> On Fri, Nov 02, 2007 at 09:29:51PM +, Joe wrote:
>> Microsoft Update and apt-get are probably as close as you get, and
>> I wouldn't bet a large amount of money that either is 100% safe. One day MU
>> will get hacked, and the whole world will collapse.
>>
>
> wow, that's quite a comparison: Microsoft Update which will secretly
> upgrade stuff on the system even when explicitly told not to versus
> apt-get which must be explicitly told what to do and then asks "are
> you sure?" And I won't even go into the parts where you get to look at
> apt code...
>
> Frankly I hope MU does get hacked (if it hasn't already) because some
> people need to learn some lessons, not the least of which is MS itself
> for releasing such tragically flawed software to begin with.
>
> Note though that I do not wish ill upon the poor users of this
> product... merely that the PTB's over there would get a clue (and yes
> I know many of them do have a clue, just not enough or the right ones).



Ah, I wasn't comparing operational use, just the systems as being 
reasonably tamper-proof methods of delivering software from the original 
sources to the user. The vast majority of downloaded software comes from 
unidentifiable sources via paths which are relatively easily hacked.


The MU issue is simply one of monoculture, not software quality. If 90% 
of the world's PCs used apt-get daily, the repercussions of malware 
smuggled into major packages would be just as serious as an MU hack today.







Re: risks of using net apps as a user in wheel or adm?

2007-11-02 Thread Andrew Sackville-West
On Fri, Nov 02, 2007 at 09:29:51PM +, Joe wrote:
> Microsoft Update and apt-get are probably as close as you get, and 
> I wouldn't bet a large amount of money that either is 100% safe. One day MU 
> will get hacked, and the whole world will collapse.
>

wow, that's quite a comparison: Microsoft Update which will secretly
upgrade stuff on the system even when explicitly told not to versus
apt-get which must be explicitly told what to do and then asks "are
you sure?" And I won't even go into the parts where you get to look at
apt code...

Frankly I hope MU does get hacked (if it hasn't already) because some
people need to learn some lessons, not the least of which is MS itself
for releasing such tragically flawed software to begin with. 

Note though that I do not wish ill upon the poor users of this
product... merely that the PTB's over there would get a clue (and yes
I know many of them do have a clue, just not enough or the right ones).

A




Re: risks of using net apps as a user in wheel or adm?

2007-11-02 Thread Joe

Douglas A. Tutty wrote:
> This is a more general question to an issue that came up in another
> thread.
>
> Not to single out Iceweasel but, for example, IIUC, javascript and
> flashplayer end up running someone else's code on your computer as you.
>
> What are the security implications of this?  What could a malicious
> flash or piece of javascript really do to your files in your home directory?
>
> What are the security implications of this if you are also a member of
> group wheel, adm, or staff?
>
> As for my home directory, of course it has security-sensitive info:
> health info, passwords, and other private documents.
>
> Should I have a separate user setup for just running a javascript- and
> flash-enabled web browser?

I would, but see below.

> I know that any software can have bugs, but I think that software that
> has to keep up with features to be useable (e.g. a browser) is more
> likely to be at risk of unknown exploits than more feature-stable
> net-apps such as mutt, exim, ftp, or rsync.

No doubt about that, though I don't think there's any way to quantify or 
even guess the risk, other than by saying 'less is better'. 
Unfortunately, cross-platform content also implies cross-platform 
malware. We can't just rely on not being Windows users, and I suspect 
that all 'technologies' are capable of much more harm than their 
inventors intended. We now have PDF malware. The bad guys are just plain 
more inventive.


I can do most of what I need with Iceweasel without flash and with 
No-Script, and I'm not a member of any useful security groups. I read 
secure logs with a sudo-ed mc in a terminal. I'd rate my paranoia as at 
least 90% of the theoretical 'pull-all-the-plugs-out' maximum. But then 
I've also run various versions of Windows for more than ten years, 
mostly without AV, without ever picking up anything unwanted, so it does 
help.


There's just no safe way of running other people's software on your 
machine. Microsoft Update and apt-get are probably as close as you get, 
and I wouldn't bet a large amount of money that either is 100% safe. One 
day MU will get hacked, and the whole world will collapse.







Re: risks of using net apps as a user in wheel or adm?

2007-11-02 Thread Andrew Sackville-West
On Fri, Nov 02, 2007 at 02:41:11PM -0400, Celejar wrote:
> On Fri, 2 Nov 2007 13:19:58 -0400
> "Douglas A. Tutty" <[EMAIL PROTECTED]> wrote:
> 
> > This is a more general question to an issue that came up in another
> > thread.
> > 
> > Not to single out Iceweasel but, for example, IIUC, javascript and
> > flashplayer end up running someone else's code on your computer as you.  
> > 
> > What are the security implications of this?  What could a malicious
> > flash or piece of javascript really do to your files in your home directory?
> > 
> > What are the security implications of this if you are also a member of
> > group wheel, adm, or staff?
> 
> I would add that many users, especially on single user machines,
> probably have something like:
> 
> username ALL = NOPASSWD: ALL
> 
> in /etc/sudoers

well, that's a problem. I don't do that on any machine, just because I
want to be forced to enter a sudo password so that I think that extra
thought before doing whatever it is I'm about to do. 

Now for specific commands? sure like NOPASSWD:/sbin/shutdown on my
laptop, because that's just convenient and if someone wants to hack my
lappy and shut it down, well, more power to them...

A
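
[Added example, not part of the thread: a short audit that separates the blanket `NOPASSWD: ALL` rule quoted above from a scoped rule such as `NOPASSWD:/sbin/shutdown`. The sample file and the user names `laptopuser` and `backup` are constructed; the parser covers plain user specifications only and assumes no aliases, includes or commas inside command arguments.]

```python
import re

# Constructed sample; the first two rules follow the ones quoted in the thread.
SAMPLE_SUDOERS = r"""
# /etc/sudoers (constructed sample)
Defaults env_reset
username   ALL = NOPASSWD: ALL
laptopuser ALL = NOPASSWD:/sbin/shutdown
%wheel     ALL = (ALL) ALL
backup     ALL = (root) NOPASSWD: /usr/bin/rsync, \
                 PASSWD: ALL
"""

SKIP = re.compile(r"^(Defaults|\w+_Alias)\b")
TAG = re.compile(r"^([A-Z_]+):\s*")

def logical_lines(text):
    """Join backslash-continued lines, strip comments, drop blanks."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def nopasswd_rules(text):
    """Return (who, command, kind) for each command sudo runs without a password."""
    findings = []
    for line in logical_lines(text):
        if SKIP.match(line) or "=" not in line:
            continue
        who, rhs = line.split("=", 1)
        who = who.split()[0]
        rhs = re.sub(r"\([^)]*\)", "", rhs)   # drop (runas) specifications
        nopasswd = False                      # a tag persists along the command list
        for cmd in (c.strip() for c in rhs.split(",")):
            while (m := TAG.match(cmd)):
                if m.group(1) == "NOPASSWD":
                    nopasswd = True
                elif m.group(1) == "PASSWD":
                    nopasswd = False
                cmd = cmd[m.end():]
            if nopasswd and cmd:
                kind = "blanket" if cmd == "ALL" else "scoped"
                findings.append((who, cmd, kind))
    return findings

if __name__ == "__main__":
    for who, cmd, kind in nopasswd_rules(SAMPLE_SUDOERS):
        print(f"{kind:8} {who:12} {cmd}")
```

A "blanket" finding means any process running as that user can become root without a prompt; a "scoped" finding is limited to the listed command.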




Re: risks of using net apps as a user in wheel or adm?

2007-11-02 Thread Celejar
On Fri, 2 Nov 2007 13:19:58 -0400
"Douglas A. Tutty" <[EMAIL PROTECTED]> wrote:

> This is a more general question to an issue that came up in another
> thread.
> 
> Not to single out Iceweasel but, for example, IIUC, javascript and
> flashplayer end up running someone else's code on your computer as you.  
> 
> What are the security implications of this?  What could a malicious
> flash or piece of javascript really do to your files in your home directory?
> 
> What are the security implications of this if you are also a member of
> group wheel, adm, or staff?

I would add that many users, especially on single user machines,
probably have something like:

username ALL = NOPASSWD: ALL

in /etc/sudoers

> Doug.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

