l4-hurd

Re: Supporting POSIX *users*


From: Bas Wijnen
Subject: Re: Supporting POSIX *users*
Date: Tue, 1 Nov 2005 17:01:09 +0100
User-agent: Mutt/1.5.11

On Tue, Nov 01, 2005 at 02:20:44PM +0100, Alfred M. Szmidt wrote:
>    A single bug in a single application allows the attacker access to
>    the whole system.
> 
> Not at all true.  Maybe if you refer to suid root programs, yes, but
> the worst case is that you only get access to someone's home directory
> which is not anything near `access to the whole system'.

Access to the only user's home directory is very near access to the whole
system.  The only interesting parts happen to be in that home directory.  This
assumes that most machines are used by only one person.

Say I'm an administrator of a system, and the user's account gets compromised.
All private data is published on the net.  The user comes to me and complains
about it.  I respond "Don't worry, the machine will not crash, because the
cracker cannot touch any of the system code".  Does the user
A) Hit me in the face
B) Talk to the manager to make sure I lose my job, or
C) All of the above?

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

Attachment: signature.asc
Description: Digital signature

