Joshua Brindle wrote:
[EMAIL PROTECTED] wrote:
is there any particular reason you're avoiding answering my (Andrea's,
for that matter) requests for specific attack examples?
>> it's my observation that you as well as many other selinux advocates
>> often try to stay at some superficial theoretical level of 'attacks'
>> as if that meant anything in the real world. it means nothing, so
>> please try get down from that 'high horse' and answer the questions.
Forgive my telling a short, true story here. Back in 1989, Steve Bellovin
wrote a paper called "Security Problems in the TCP/IP Protocol Suite." It
detailed a theoretical attack based on sequence number guessing. In 1994,
Kevin Mitnik used sequence guessing attacks against Tsutomu Shimomura's
network, in an attack that seemed pretty new... an act that ultimately led
to Mitnik's capture and imprisonment. In '89, Bellovin's paper didn't get
a lot of long-term attention because it seemed to be talking about some
wild, theoretical problem that nobody would ever be able to actually exploit.
So, what's the point of this story? You really shouldn't need a specific
attack example to think about the security implications of software.
Instead, you need to have a good theoretical base from which to make
decisions, and balance those decisions with practical knowledge and
understanding because all security decisions are ultimately based on an
assessment of what the risks are and a decision to mitigate or accept the
remaining risk.
This isn't coming from a high horse. This discussion appears to be a
question of competing priorities (functionality versus assurance) in trying
to ensure that a product continues to meet an extremely high standard for
quality.
-Bill
--
William Yang
[EMAIL PROTECTED]
--
gentoo-security@gentoo.org mailing list
