l4-hurd

Re: The Perils of Pluggability


From: Alfred M. Szmidt
Subject: Re: The Perils of Pluggability
Date: Tue, 11 Oct 2005 12:48:42 +0200 (CEST)

   >    > Extensibility is not a synonym of vulnerability.
   > 
   >    Of COURSE it is!
   > 
   > Actually, it isn't.  My extensions to vulnerable program A do not
   > affect you.

   Counterexamples:

     My hacked system may attack yours.
     My hacked extension may consume resources that impact other users.
     My hacked extension may corrupt my documents. You may read them,
       impacting your behavior. Recent examples include web site hacks
       that generated millions of dollars in payout through stock
       manipulation.

   Or don't these count as ways in which I am affected?

They don't.  Just because your system attacks mine doesn't mean that
it will break the security of my system; so no harm done there.  If
your hacked extensions consume much cpu/memory then this is easy to
solve, quotas for system resources (I find quotas idiotic, so I don't
support them).  If your extension "consumes" the NIC or something,
then there is not much one can do, a NIC isn't a shared resource.
Your last example about corrupting documents, is totally bogus, since
I can use any kind of text editor to do it, and the only way you can
prohibit this is by two ways: disallowing me to write to my files, or
disallowing other users from reading files that I have made available.
Both of which are silly.

   What you say *can* be true, but only if the underlying system
   imposes proper guards to enforce it.

Not really, since no matter what you will add guards that prohibit me
from doing what I want.  And such guards are simply not acceptable for
us.

   Well, we agree pretty well on the definition of freedom. I would
   add "...without their informed and competent consent", but this is
   merely refinement.

I wouldn't, since this would require users to answer a question like
"do you want to read this document?" each time they want to read a
document, since the document might contain things that are corrupt.



