Lorens Kockum | 2 Jan 10:48 2004

Re: Patent

On Wed, Dec 31, 2003 at 11:06:48AM -0800, jimd@... wrote:
>  So I suppose the real gist of my contention is that SetUID's adequacy
>  or inadequacy is not so much a matter of the times, but rather of the
>  application environment.  That it is not (and never was) adequate in
>  a potentially hostile environment.  That it's inappropriate to rely on
>  set UID mechanisms to protect resources across any administrative
>  boundaries.

IMHO you don't have to generalize much. SetUID is a mechanism
whereby you permit others to run your code with your rights,
or even with your rights and the user's rights combined.  The
mechanism fails miserably when some user wishes to run untrusted
code.

You can then go on to say that in a traditional UNIX view of
things root trusts the OS, and the users trust root, some users
may trust some other users, and that's about it.

In a more hostile environment, almost all code is potentially
untrusted, because even if you wrote it yourself there might be
a bug that would be exploitable.

Does that sum it up?

--

-- 
#include <std_disclaim.h>                          Lorens Kockum
Boualem Benatallah | 31 Jan 05:34 2004
Picon
Picon

CFP WEC'2004 in San Diego, CA, Deadline extended (fwd)

[I believe Nick Szabo and Bill Tulloh are also on the program committee. 
 Note: the submission deadline on the website seems stale. Believe the 
 message below.
    --MarkM]

---------- Forwarded message ----------
Date: Fri, 30 Jan 2004 10:32:21 +0400
From: Zakaria Maamar <Zakaria.Maamar@...>
To: SIGECOM-TALK@...
Cc: boualem@...
Subject: CFP WEC'2004 in San Diego, CA, Deadline extended

NEW SUBMISSION DEADLINE: Feb 16, 2004.

=======Call for Papers===========
The First IEEE International Workshop on Electronic Contracting (WEC)

to be held in conjunction with the IEEE Conference on Electronic
Commerce (IEEE-CEC'04)

San Diego, California, USA
6 July, 2004
http://tab.computer.org/tfec/cec04/cfpWEC.html

Real world commerce is largely built on a fabric of contracts.
Considered abstractly, a contract is an agreed framework of rules used
by separately interested parties to coordinate their plans in order to
realize cooperative opportunities, while simultaneously limiting their
risk from each other's misbehavior. Electronic commerce is encouraging
the growth of contract-like mechanisms whose terms are partially machine
(Continue reading)


Gmane