RE: [Asrg] Viruses

Vernon Schryver <vjs@calcite.rhyolite.com> Wed, 25 June 2003 21:13 UTC

From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200306252111.h5PLBJ3L001781@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: RE: [Asrg] Viruses
References: <2A1D4C86842EE14CA9BC80474919782E0D228C@mou1wnexm02.verisign.com>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
Date: Wed, 25 Jun 2003 15:11:19 -0600

> From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

> ...
> The only O/S security feature I am aware of that is relevant in this
> regard is the VMS fine grained privileges that allowed processes to
> be created that did not have network access or did not have file 
> access.
>
> There is a similar feature set in Windows NT but the applications
> appear to be unaware of the reason it should be used.
>
> I am unaware of any equivalent system in the UNIX world, chroot is
> not equivalent. The .NET framework has reinstated the concept of fine
> grained privs but it will take many years for them to be used by
> applications.
>
> Finger pointing is rarely a good guide to good security practice.
> I remember the time when people doubted unix would get anywhere
> because of its notorious security problems and weak security
> architecture, it does not seem to have had the predicted effect.

Many UNIX flavors have extremely fine grained privileges.  I've been
told by people who dealt with the U.S. Dept. of Defense's tests that
full-up mandatory access controls are unavoidable.  That might be why
many and probably most commercial UNIX flavors have (or at least had)
MAC available.  They also tend to have elaborate privilege inheritance
mechanisms.  E.g., for inetd to be able to open the sockets it needs,
it must not only be running as root, but started by a process that
has the rights to open those sockets and that explicitly passes those
rights during the fork().  Such stuff makes for a lot of bug prone
noise in control files, and elsewhere, and so it's generally disabled
and suppressed for commercial customers.   It's been more than 5 years
since I was employed by a UNIX vendor that offered this gunk.

I think a fundamental security principle is that the operating system
cannot entirely trust applications to do the right things.  Ignoring
this principle was the foundation of the first 10 or 15 years of
Microsoft security holes, where Microsoft thought or claimed that a
primitive program loader and some utility routines was an "operating
system."  But yes, the ancient Burroughs system could be seen as an
existence proof to the contrary.

Perhaps in theory and certainly in press releases .NET is secure.
The history of other absolutely, provably secure mechanisms from
Redmond including ActiveX urges skepticism.

What does any of this have to do with spam in general or the ASRG?
That viruses and worms can be used to pump spam from Microsoft systems
doesn't seem much different from the fact that a lot of spam is pumped
through open-by-default proxy programs.  The spam looks the same.


Vernon Schryver    vjs@rhyolite.com

