[148931] in cryptography@c2.net mail archive


Re: [Cryptography] defaults, black boxes, APIs,

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sun Jan 5 16:54:22 2014

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <alpine.BSO.2.03.1401051146460.10939@astro.indiana.edu>
Date: Sun, 5 Jan 2014 16:47:37 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jonathan Thornburg <jthorn@astro.indiana.edu>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On Sun, Jan 5, 2014 at 3:25 PM, Jonathan Thornburg <jthorn@astro.indiana.edu> wrote:

>
> > the thirty packages that are written
> > by the usual C-crew
>
> Only 30? :)
>
> But this raises some genuine questions:
> * Is there a secure web browser?  My trust level in any of the biggies
>   (Microsoft, Apple, Google, Mozilla) is low...
> * I've just booked a hotel room in <distant city>; the hotel sent me a
>   .docx file which claims to be a confirmation.  Is there an "office suite"
>   in which it's safe for me to look at that .docx file?
> * Same question, but for pdf files?
> * For bonus points, can that pdf-viewer edit fillable pdf forms?  I have
>   seen claims that evince or mupdf can do this... but neither seems to
>   handle either US or Canadian tax forms. :(


Well, as Jerry quoted my old college tutor earlier in this thread, you can
either make something so simple it is obviously correct or so complex that
there aren't any obvious errors.

Every O/S has a broken privilege system in my view. Instead of system
privileges being monolithic, as they have become de facto in every O/S, they
should be mutually exclusive.

A user can have multiple privs but a particular application should not be
able to claim 'modify executable code on disk' and 'modify application
code'.

Only Microsoft should be able to patch my copy of Microsoft Office without
some very explicit overrides on my part. Same for Adobe.

When a program is installed, the installer should only see the default O/S
environment. It should not be able to modify any part of the O/S or install
any dll or .so where any other package can see the change.


We need to get back to the idea of least privilege but apply it to
applications and daemons rather than users.

-- 
Website: http://hallambaker.com/
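The per-application, mutually exclusive privilege model argued for in the message above, as an added illustration; this is not code from the post's author, from the list, or from any operating system. The two privilege names the post gives are used as-is; the second exclusion group, the extra privilege names, the vendor field, the explicit-override flag and the directory layout are constructed assumptions.

```python
"""Toy model of per-application, mutually exclusive privileges.

Added illustration of the design the post argues for; not code from the
post's author or from any real OS. Privilege names beyond the pair named in
the post, the exclusion groups and the path layout are assumptions.
"""
from dataclasses import dataclass
from pathlib import PurePosixPath

# Privileges that must never be held together by one application.
# The first group is the pair named in the post; the second is an assumed
# extra group showing that the check generalises to any number of groups.
EXCLUSIVE_GROUPS = (
    frozenset({"modify_executable_code_on_disk", "modify_application_code"}),
    frozenset({"modify_os_environment", "install_package"}),
)

# Directories every package can load code from; an installer must not write
# into them (assumed layout).
SHARED_LIBRARY_DIRS = (PurePosixPath("/usr/lib"), PurePosixPath("/usr/local/lib"))


class PolicyError(Exception):
    """Raised when a request would violate the privilege policy."""


@dataclass(frozen=True)
class Application:
    name: str
    vendor: str            # the only party allowed to patch this application's code
    privileges: frozenset  # privileges the application claims for itself


def conflicting_groups(privileges):
    """Return every exclusive group from which more than one privilege was requested."""
    return [g for g in EXCLUSIVE_GROUPS if len(privileges & g) > 1]


def grant(app):
    """Admit an application only if its privilege set holds no mutually exclusive pair."""
    conflicts = conflicting_groups(app.privileges)
    if conflicts:
        raise PolicyError(
            f"{app.name} requests mutually exclusive privileges: "
            f"{[sorted(g) for g in conflicts]}"
        )
    return app


def user_privileges(apps):
    """A user may end up holding both members of a group, provided they arrive
    through different applications; the exclusion is per application, not per user."""
    return frozenset().union(*(a.privileges for a in apps))


def may_patch(actor_vendor, target, explicit_override=False):
    """Only the vendor that ships an application may modify its code on disk,
    unless the user has explicitly overridden that restriction."""
    return explicit_override or actor_vendor == target.vendor


def install_write_violation(path, package_root):
    """Return None if an installer may write `path`, else a reason string.

    The installer sees the default environment but may only write inside its
    own package root, and never into a directory other packages load code from.
    """
    p = PurePosixPath(path)
    root = PurePosixPath(package_root)
    if any(p == d or d in p.parents for d in SHARED_LIBRARY_DIRS):
        return f"installer may not write shared library path {p}"
    if not (p == root or root in p.parents):
        return f"installer may not write outside {root}: {p}"
    return None


if __name__ == "__main__":
    # Constructed sample: Office and its updater hold one member of the pair each.
    office = grant(Application("office", "ExampleVendor", frozenset({"modify_application_code"})))
    updater = grant(Application("office-updater", "ExampleVendor",
                                frozenset({"modify_executable_code_on_disk"})))
    print("user holds:", sorted(user_privileges([office, updater])))
    print("other vendor may patch office:", may_patch("OtherVendor", office))
    try:
        grant(Application("kitchen-sink", "Anyone", EXCLUSIVE_GROUPS[0]))
    except PolicyError as err:
        print("rejected:", err)
    print(install_write_violation("/usr/lib/libhook.so", "/opt/kitchen-sink"))
```

The point the model makes concrete is that exclusion is checked per application rather than per user: a user can legitimately own both halves of an exclusive pair across two programs, but no single program may claim both, and an installer's writable view is confined to its own package root.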

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography