
RE: [Asrg] Viruses

2003-06-25 14:13:34
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>

...
The only O/S security feature I am aware of that is relevant in this
regard is the VMS fine grained privileges that allowed processes to
be created that did not have network access or did not have file 
access.

There is a similar feature set in Windows NT but the applications
appear to be unaware of the reason it should be used.

I am unaware of any equivalent system in the UNIX world; chroot is
not equivalent. The .NET framework has reinstated the concept of fine
grained privs but it will take many years for them to be used by
applications.

Finger pointing is rarely a good guide to good security practice.
I remember the time when people doubted unix would get anywhere
because of its notorious security problems and weak security
architecture; it does not seem to have had the predicted effect.

Many UNIX flavors have extremely fine grained privileges.  I've been
told by people who dealt with the U.S. Dept. of Defense's tests that
full-up mandatory access controls are unavoidable.  That might be why
many and probably most commercial UNIX flavors have (or at least had)
MAC available.  They also tend to have elaborate privilege inheritance
mechanisms.  Eg. for inetd to be able to open the sockets it needs,
it must not only be running as root, but started by a process that
has the rights to open those sockets and that explicitly passes those
rights during the fork().  Such stuff makes for a lot of bug prone
noise in control files, and elsewhere, and so it's generally disabled
and suppressed for commercial customers.   It's been more than 5 years
since I was employed by a UNIX vendor that offered this gunk.

I think a fundamental security principle is that the operating system
cannot entirely trust applications to do the right things.  Ignoring
this principle was the foundation of the first 10 or 15 years of
Microsoft security holes, where Microsoft thought or claimed that a
primitive program loader and some utility routines was an "operating
system."  But yes, the ancient Burroughs system could be seen as an
existence proof to the contrary.

Perhaps in theory and certainly in press releases .NET is secure.
The history of other absolutely, provably secure mechanisms from
Redmond including ActiveX urge skepticism.

What does any of this have to do with spam in general or the ASRG?
That viruses and worms can be used to pump spam from Microsoft systems
doesn't seem much different from the fact that a lot of spam is pumped
through open-by-default proxy programs.  The spam looks the same.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg