Wolfgang Woehl wrote:
Freitag, 8. Februar 2008 Aaron Kulkis:
You see...the whole Unix security model PRESUMED that a user might (either unintentionally or intentionally) write and/or execute a run-away process which could be destructive. Write-permissions (or lack of them) prevent the process from doing damage to anything other than the user's own personal files.
Aaron, I'm taking the liberty to call your set of thinking "old-school" which has a positive side and a negative side.
Bad news first: Immense lack of imagination wrt to possible scenarios. Immense.
Have you ever actually written an operating system? I actually had to do such a thing ...writing a multi-user, multi-tasking OS on a lowly 8-bit Motorola 6809 as an undergraduate at Purdue University. You learn a hell of a lot very quickly doing such a thing.
I don't mean to sound rude but you really need to read up on what is going on. For example all of web2.0 is one huge stress-test suite for a browser infrastructure. To take this lightly is ... well, I've already called it names ... But don't. Why would you? Do you audit?
As an professional Unix Systems Engineer who has spent most of my career working at fortune 500 corporations, believe me, I keep up on security issues.
Good news: old-school tends to have all the tools ready to deal with the moving target "security on linux". So you stand a chance :)
That's because we actually UNDERSTAND what the hell is going on inside the computer...on the CPU-register level if need be. There were time when I used to write in C, but debug in the assembly code produced by the compiler. I eventually reached the point where I could write the assembly code produced by compiler. A friend and I used to challenge each other with weird-but-legal C code to see who could stump the other by write some code which the other could not produce (from his own head) the assembly code which would be produced by the compiler.
As I said, I'm taking liberties and I'm sure you will shoot back at me (in 1 week or something -- man, you should fix your email, this is like a trip back in time. This thread was _over_). But no hard feelings, allright?
Sorry about that. I'm migrating stuff. It should be fixed soon.
Wolfgang
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org