[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hurdish applications for persistence

From: Jonathan S. Shapiro
Subject: Re: Hurdish applications for persistence
Date: Wed, 12 Oct 2005 21:11:51 -0400

On Thu, 2005-10-13 at 00:41 +0200, Alfred M. Szmidt wrote:

> If you can put a random program in a chroot, you will _always_ find a
> way to break out of it.  And it is simply not worth fixing it.

You have said words to this effect a couple of times now. Your position
seems to be that security has to be "good enough", but not very good. In
the end, the problem with this is that there are guys in eastern russia
right now earning $1M/week to crack your machine. There is a reasonable
limit to the appropriate effort on security, but I need to show you our
web server logs. My lab gets 100 penetration attempts a minute on a
*slow* day.

I'm particularly puzzled by what you said above, though. Wouldn't
running a browser applet qualify as running random code inside a jail?
And isn't the whole point of a jail to run hostile code safely?

I'm obviously not connecting the points in your argument. I do not
expect that we will agree on the right answer, but I would at least like
to understand your position and rationale.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]