Vista, etc.

D. Hugh Redelmeier hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Sun Dec 24 18:55:29 UTC 2006


| From: Simon <simon80-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>

| On 12/24/06, D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org> wrote:
| > This is the thing that runs the display.
| >
| > (An X client is typically an application program wanting stuff drawn on
| > the screen.)
| 
| I know this, I just wasn't sure, because it doesn't make sense to me
| to be so paranoid about needed software that comes from a trusted
| source (upstream and distribution devs) being able to use your
| hardware.  Sounds like the "pull the plug" approach to internet
| security, or the avoidance of email altogether so as to solve the spam
| problem.

Sorry if I wasn't clear.

I'm not so worried that the X server has malicious code in it (but of
course it might).  I'm more worried that it has bugs that would allow
X clients to access things that they should not.  The X server is now
part of the security perimeter.


Anecdote:

In the mid 1970's, I went to a seminar by a respected computer
scientist "implementing secure subsystems on insecure operating
systems".  It was about how they (Cornell University) could safely
allow random undergrads to run PL/C programs even though PL/C (a
student-oriented PL/I compiler) ran on OS/370 (an insecure OS).

I asked the question: "do you think that such a large interface (the
PL/I language) can be implemented securely?"  He said "yes".  Within
about 15 minutes of the talk, I had cracked the local PL/C system
(using a bug that I knew several language implementations had, but
that I had never before tried with PL/C).  And that time included
punching the program on cards and running it through the "open shop"
job stream.  Oh, and figuring out how to evade the checks that PL/C
had for this very bug through the use of a couple of obscure features
of PL/I.  With my report, they fixed PL/C.  I have no idea how many
other holes there were.

I got the WATFOR compiler maintainers to fix this same bug.
Interestingly, the fix later fell out somehow.  I again got them to
fix it.

Summary: big interfaces don't make good security perimeters.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




