[cap-talk] More Heresey: ACLs not inherently bad
Jonathan S. Shapiro
shap at eros-os.com
Thu Sep 25 12:56:38 CDT 2008
On Thu, 2008-09-25 at 19:32 +0200, Marcus Brinkmann wrote:
> > Marcus Brinkmann wrote:
> > A Linux version of the Love Letter virus would be as effective as it
> > was on Windows. Opening the attachment grants the programmer of the
> > virus all the user's authority. There is no fix because the system
> > is running the way it was designed to run. I believe the reason we
> > haven't seen such attacks on Linux is the dearth of toolkits for
> > generating them.
I'm sorry that I missed the original post -- this reply is not in proper
thread order. Two comments:
> > I believe the reason we
> > haven't seen such attacks on Linux is the dearth of toolkits for
> > generating them.
This is in turn due to the relatively low LINUX desktop market share.
Google Android is about to "fix" that.
> There is no fix because the system is running the way it was designed
> to run.
This is not entirely clear. Setting aside that any correlation between
behavior and design intent in something the size of Windows is an
accident, I agree only partially. The interesting question is whether
interposition might recover enough control to manage the sort of problem
that you identify. There is some evidence that the answer is "yes".
shap
More information about the cap-talk
mailing list