Date:      Sat, 30 Sep 2000 19:05:51 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.ORG>
To:        Warner Losh <imp@village.org>
Cc:        Jordan Hubbard <jkh@winston.osd.bsdi.com>, security@FreeBSD.ORG
Subject:   Re: Security and FreeBSD, my overall perspective 
Message-ID:  <Pine.NEB.3.96L.1000930190059.44353B-100000@fledge.watson.org>
In-Reply-To: <200009302258.QAA13969@harmony.village.org>


On Sat, 30 Sep 2000, Warner Losh wrote:

> I do like the trust level metric.  For ports that we've extensively
> reviewed, we could rate them 1.  For ports that we haven't, but that
> run as normal users we could rate them as 2.  For ports we haven't
> that run at elevated privs, we could default to 5 (all these assume N
> is 10).

I see a few axes here, which may be reducible down to a single axis of
common cases, but:

Exposure:

Whether or not the application should, in normal use, be exposed to data
of untrusted origin (e-mail, data files from untrusted users, socket
connections in or out-bound, etc).

  - Intended to be run with exposure to untrusted environments
  - Not intended to run with exposure to untrusted environments

Auditing:

Whether or not the application has been audited by FreeBSD security
developers, or other trusted parties.

  - Known decent
  - Unknown
  - Known bad

Privilege:

What amount of privilege and access this code will be run as, determining
the level of damage possible as a result of an exploit.

  - Run with elevated privilege
  - Run by normal users
  - Run sandboxed

Just some initial thoughts.  Pine rates poorly on all counts: it is
exposed to untrusted data (e-mail, SMTP, IMAP), is known bad in terms of
past and current exploitable bugs, and is run by many users, potentially
including the root user.

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services



