List: e-lang
Subject: RE: [e-lang] Pola and GUI operations
From: "Karp, Alan" <alan_karp () hp ! com>
Date: 2002-12-27 20:15:11
> -----Original Message-----
> From: Norman Hardy [mailto:norm@cap-lore.com]
> Sent: Thursday, December 26, 2002 9:55 PM
> To: e-lang@mail.eros-os.org
> Subject: RE: [e-lang] Pola and GUI operations
>
> (snip)
> >
> > This case is what I'm worried about. If the user agent can be
> > subverted, then all hope is lost. Letting me write the code for my
> > user agent is giving me enough rope to hang myself. The code
> > running in the user agent must be written particularly carefully if
> > I am to be sure it is loyal only to me.
>
> In a good capability system the user agent can be subverted only if
> it has a bug.
Letting people write the code for their user agents is inviting such bugs. I believe that something as critical as the user agent should run the smallest possible amount of code and should be provided as part of the platform. Users, and even system administrators, should not have the capability to change this code. Updates should only be done as part of a system refresh.
> I rely on my agent to be correct, but you don't rely on mine to be
> correct, (as when we share a computer). If I deal with secrets and
> assets that others own, those others may specify my user agent. They
> may well not trust my coding skills or they may demand that my
> conveyance of authority be temporary by ensuring that capabilities
> that I export be logged and rescindable.
Agreed.
>
> I agree that it is an instance; I hope the code is shared. How would
> an adversary replace it?
>
"Hi, I'm from security. You need to fix a security flaw in your system. Please make the following modifications to the code in your user agent."

"Double click to see Sandra Bullock in the shower. If the attachment doesn't open, please try again in your user agent."

The code is not shared if individuals can write the code for their own user agents. Even if it is shared, the user is often the security administrator for the machine, and most users are naive about requests such as the above.
> > > (snip)
_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1141
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/