Neal H. Walfield
neal at walfield.org
Fri Jun 28 11:53:20 UTC 2013
At Fri, 28 Jun 2013 10:37:44 +0200,
Matthias Kirschner wrote:
> I'd like to have some feedback from you. Do you agree with those points?
> 2) This gives anyone a platform to play with parts of their owners
> 3) From a security point you are lost as soon as you give an adversary
> the opportunity to control your system.
> 4) Only non-active web content can guarantee that you keep control over
> your equipment.
I strongly disagree. Any data that is interpreted has the potential
to take control of the interpreter. This is true not only of
clearly want to read documents from people we don't trust (e.g., the
NSA), then we need to design our systems and our programs to not only
make it hard for data to do something (as opposed to be!) malicious,
but to limit the potential damage should it succeed. This firstly
requires educating developers, not users. Of course, it would be nice
if the systems made this easier. For instance, whereas it is easy to
drop your user id on the Hurd, this is not possible on Linux. The
closest you can come is to dynamically create a new user, but this
requires superuser privileges or some mediator like Plash, which is
unfortunately no longer maintained.
More information about the Discussion