Re: [SC-L] how far we still need to go

2007-08-28 Thread McGovern, James F (HTSC, IT)
Of ljknews Sent: Wednesday, July 25, 2007 10:23 PM To: SC-L@securecoding.org Subject: Re: [SC-L] how far we still need to go At 2:03 AM +0100 7/26/07, Dinis Cruz wrote: > It's a simple economics problem. The moment these companies and >developers lose sales (or market share) because the

Re: [SC-L] how far we still need to go

2007-07-26 Thread ljknews
At 2:03 AM +0100 7/26/07, Dinis Cruz wrote: > It's a simple economics problem. The moment these companies and >developers lose sales (or market share) because their products require >admin / root privileges to run, is the moment they start to REALLY support >it. For Windows that day might be when

Re: [SC-L] how far we still need to go

2007-07-25 Thread William L. Anderson
BB, well yes I did gloss over the OS X admin and Unix "root" diffs. And I agree that the install does create the first user as admin. That's a problematic scenario. Furthermore, I probably know too much, because I knew I wanted to create an ordinary user acc't in addition to admin on my personal

Re: [SC-L] how far we still need to go

2007-07-25 Thread Dinis Cruz
It's a simple economics problem. The moment these companies and developers lose sales (or market share) because their products require admin / root privileges to run, is the moment they start to REALLY support it. And the reason why there isn't such REAL demand (with the exception of crazy securi

Re: [SC-L] how far we still need to go

2007-07-25 Thread Blue Boar
William L. Anderson wrote: > I am flabbergasted. When I first encountered Unix in 1983 I was taught that > you > always run as an ordinary user, and only use admin (root) privileges when > needed. If OS X developers are running as admin, and building and testing > their > products as admin, well

Re: [SC-L] how far we still need to go

2007-07-25 Thread Kenneth Van Wyk
On Jul 25, 2007, at 9:36 AM, William L. Anderson wrote: Well after a few attempts to install it on a Mac OS X system I finally dope out that it only seems to install and run as admin. That is, I not only need to install it as admin (that's OK, ordinary users can't write to the / Applications

Re: [SC-L] how far we still need to go

2007-07-25 Thread Steven M. Christey
On Wed, 25 Jul 2007, William L. Anderson wrote: > I am flabbergasted. When I first encountered Unix in 1983 I was taught > that you always run as an ordinary user, and only use admin (root) > privileges when needed. If OS X developers are running as admin, and > building and testing their product

[SC-L] how far we still need to go

2007-07-25 Thread William L. Anderson
I was trying out a new web service that permits sharing files from the desktop to others online. It does seem a bit dodgy, but I was curious about how it worked. Well after a few attempts to install it on a Mac OS X system I finally dope out that it only seems to install and run as admin. That is