Re: Thank you, unknown genius!

On Sun, Apr 13, 2008 at 2:43 PM, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> max wrote:
>
> > > The question is, how does it know malicious code from what you want the
> > > browser to do?
> >
> > I don't think it does know malicious code. Heuristic analysis often ends
> > in false positives. It's based on permission, AFAIK: does it have permission
> > to read or modify a particular file or directory?  The bottom line is
> > Firefox is difficult to confine.
>
>  It's not so much that any program is difficult to confine, it is that there
> is no standard for what should be expected or permitted.  That is, before
> shipping something that tries to guess what some random program should be
> able to access, wouldn't it be a good idea to arrange things in some sort of
> security level hierarchy first so it doesn't have to guess?  For example, we
> may know that most programs shouldn't be peeking under ~/.ssh, but that's an
> arbitrary bit of information.  You don't know why or what other similarly
> private bits of information are stored in random places in your home
> directory.
>
> > Browsers, after the users, are probably the weakest link in the security
> > chain.
>
>  Browsers are a tool that you may want to use to move any file anywhere.  If
> you can't give them a hint about what should be off limits you can't expect
> them to know.  But I'd say the weakest link has always been languages that
> make it easy to overflow buffers and stacks that are executable and
> predictably sized.
>
> > One thing we as users should do is refuse to use unsafe code.
>
>  If it can possibly have a buffer overflow it is all unsafe.  The kernel is
> unsafe. Pretty much everything you run is unsafe, although some of it has
> been scrutinized fairly carefully.
>
True, but a lot of the access is triggered by the user's desire to do
something that strictly speaking isn't necessary. They say they need,
but it's more that they want. We could go on and on, but I'll sum it up
like this. I don't expect people to stop eating their frosted flakes,
they are tasty after all, I like them myself, but I would probably
urge them not to add extra sugar.

Max

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list