Ted Doty writes:
>At the risk of being Yet Another Security Pinhead, this is the Wrong
>Thing To Do. If we think that the number of clueless boneheaded application
>developers is much larger than the number of clueless boneheaded kernel
>developers, then The Right Thing To Do is to put general security hooks in
>the kernel.

Put not your faith in silver bullets, and certainly not in general
security hooks in a kernel. To be useful, the kernel would have to
anticipate everything about every application and provide a direct and
simple way to represent the security policy any application might ever
need. This rarely happens cleanly in practice. Thus, the application
ends up implementing its own policy using (or misusing) hooks into the
kernel's security mechanisms.

Ergo, a bad enough mistake in the application will still yield a
vulnerability regardless of how tough the kernel is. You have to
balance responsibility for security between the application and the
kernel. Neither can do the job alone. A boneheaded developer can
implement an application with security holes just as effectively on a
highly secure platform as on a DOS PC.

Rick.
smith @ sctc . com    secure computing corporation