Roy Schestowitz wrote:
> ____/ BearItAll on Tuesday 20 November 2007 12:00 : \____
>
>> Peter Köhlmann wrote:
>>
>>>
>>> http://www.heise-security.co.uk/news/99257
>>>
>>> Again one can see that apple "quality" is about the same as "MS quality"
>>>
>>
>> I didn't know Apple Macs were susseptible to that sort of attack, I still
>> tend to think of Apple's as being UNIX-Like, at least in security.
>>
>> Wouldn't you think that by now MS and Apple, if they are going to insist
>> on executing straight from emails, would have wrapped these in a little
>> application cage, or at the very least keep them inside the java vm.
>>
>> Am I getting synical as I get older, but I can't help feeling that a
>> patch for this spesific one mentioned will simply try to examine the file
>> further to decide if it is a picture or not.
>>
>> Caging wouldn't be difficult, there is only so much executing that makes
>> sense directly from an email, such as the caged launch of a picture or
>> file viewer, it could even allow for editors inside the cage to edit and
>> return email contents.
>
> What type of person would send a program to someone by E-mail anyway?
> Other than that idiocy of wrapping PowerPoint files in a self-contained
> executable? There's rarely a reason to allow scripting and execution of
> file in a mail client, esp. whilst 98% of all E-mail is spewed by Windows
> zombies.
>
Direct execution is something that I can't see me ever allowing on a machine
of mine at the moment, but it will come. Having an email or document
trigger local code is something that is wanted and is common now. That in
itself has proved dangerous in the past, with hackers attempting to crash
the application associated with a file type. Linux could have been just as
vulnerable as Windows was in that area at one time.
That idea could also be caged, it wouldn't be strictly necessary on Linux,
but still has value on a MS machine.
There is an area that will want more interaction between local and remote
code though that is traditionally handled in a java machine. If we talk
about virtual machines at the level of partial virtual applications. Then
there is going to be a time when we will want to pass code from the server
with no interaction from the user, it needs to be smart load and run
dynamically.
Secure comms are used obviously, but you still need protection after the
tunnel.
A typical office of word processor, spreadsheets, email client etc, need to
be able to work together so that the engine can better distribute the work
load. So you will want an email to be able to trigger code within the same
instance of a virtual mode cage, but you may need it to go further, to
reduce the startup time of vm applications or because the client is a hand
held with limited resource space, you may want some code to hold back until
it is needed. So the actions of the client will trigger the transfer and
execution of code. So the only question left is 'How can we do this
safely'. As I said, forget the comms side, but each end of the tunnel must
take care of itself.
The simple truth is that Linux is already very capable of this, nothing
extra needs to be loaded onto a bog-standard Linux machine to do this. Look
at the change root, it isn't an application,there is no code downloads
involved, it is simply config settings. You have locked a machine, anything
from an entire Linux through to a simple 'vi' editor in a cage. A chroot
isn't going to be the sort of caging used for VMs, but it isn't a million
miles away from it either.
The worry then is Windows.
As it happens their ISS (assuming a good firewall) is getting better now
than it was, I know the the process issolation does seem to be very good
which is the part that most relates to what I said above. Gads, that first
ISS I worked with, when I finished the app and found just how open the
whole piggin machine was I put my head down on the keyboard and wanted to
quietly slip away, the place it was going relied very heavily on secure
independantly running applications that only interacted through services.
But still, fair play to MS, they too know the importance of getting the vm
(at which ever level) absolutely right. ISS has come good, no doubt a few
niggles here and there, but very workable. .NET3 is also much more capable
than .NET 1.1 (lets ignore .NET2 shall we), ok so .NET3 it still has that
piggin bug in it that drives crazy, it's on their video you know, if you do
the c# video tutorials for .NET the man comes across the bug and goes
around it, he has obviously seen it before because of the neat way he skips
around and takes an alternative route, but he left it on the video, I bet
he did that because he was as frustrated by it as I was. I first saw that
video about two years ago and the same piggin bug is still there in .NET3.
Don't doubt MS's VM leanings, they know as well as everyone else how
important it is going to be. It was MS that helped Linux developers get XP
onboard. That is absolutely true, MS had to put in the development
resources for that one to happen. Vista still seems an odity in that area,
I know it can host (the list of what it can host was on the Internet, just
about every flavour of Linux had been tested), but not allowing Vista to be
hosted doesn't seem like a good idea to me. Linux as a VM is inevitable,
can called it another name if they like, but it is still Linux.
|
|
