[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hurdish applications for persistence
From: |
Jonathan S. Shapiro |
Subject: |
Re: Hurdish applications for persistence |
Date: |
Wed, 12 Oct 2005 21:11:51 -0400 |
On Thu, 2005-10-13 at 00:41 +0200, Alfred M. Szmidt wrote:
> If you can put a random program in a chroot, you will _always_ find a
> way to break out of it. And it is simply not worth fixing it.
You have said words to this effect a couple of times now. Your position
seems to be that security has to be "good enough", but not very good. In
the end, the problem with this is that there are guys in eastern russia
right now earning $1M/week to crack your machine. There is a reasonable
limit to the appropriate effort on security, but I need to show you our
web server logs. My lab gets 100 penetration attempts a minute on a
*slow* day.
I'm particularly puzzled by what you said above, though. Wouldn't
running a browser applet qualify as running random code inside a jail?
And isn't the whole point of a jail to run hostile code safely?
I'm obviously not connecting the points in your argument. I do not
expect that we will agree on the right answer, but I would at least like
to understand your position and rationale.
shap
- Re: Chroot and "..", (continued)
- Re: Chroot and "..", Alfred M\. Szmidt, 2005/10/13
- Re: Hurdish applications for persistence, Bas Wijnen, 2005/10/13
- Re: Hurdish applications for persistence, Alfred M\. Szmidt, 2005/10/13
- Re: Hurdish applications for persistence, Jonathan S. Shapiro, 2005/10/13
- Re: Hurdish applications for persistence, Bas Wijnen, 2005/10/14
- Re: Hurdish applications for persistence, Marcus Brinkmann, 2005/10/14
- Re: Hurdish applications for persistence, Jonathan S. Shapiro, 2005/10/14
- Re: Hurdish applications for persistence, Alfred M\. Szmidt, 2005/10/13
- Re: Hurdish applications for persistence,
Jonathan S. Shapiro <=
- Re: Hurdish applications for persistence, Alfred M\. Szmidt, 2005/10/13
Re: Hurdish applications for persistence, Marcus Brinkmann, 2005/10/12
- Re: Hurdish applications for persistence, Jonathan S. Shapiro, 2005/10/12
- Re: Hurdish applications for persistence, Alfred M\. Szmidt, 2005/10/13
- Re: Hurdish applications for persistence, Marcus Brinkmann, 2005/10/13
- Re: Hurdish applications for persistence, Alfred M\. Szmidt, 2005/10/13
- Re: Hurdish applications for persistence, Marcus Brinkmann, 2005/10/13
- Re: Hurdish applications for persistence, Alfred M\. Szmidt, 2005/10/13
- Re: Hurdish applications for persistence, Marcus Brinkmann, 2005/10/13
- Re: Hurdish applications for persistence, Alfred M\. Szmidt, 2005/10/13