13 Jan
2014
13 Jan
'14
5:53 p.m.
Well, with the same reasoning, we don't need passwords or protection bits
on files, since I can always take a piece of steel pipe and beat the owner,
until he gives out the data, so why bother?
Blocking chown for general users is one level of several controls. Given
the need, it is always possible to thwart an attack, with additional
controls. And of course, given a set of controls, is is always possible to
find an attack that will be successful. It all depends on the cost of the
protection, the attack and of the data being protected.
Szabolcs
2014/1/13 John Cowan <cowan(a)mercury.ccil.org>
Tim Bradshaw scripsit:
For instance imagine I want to pass some customer
data to which I have
access to you, who con't have access, for purposes of malice.
Download the file and mail it to me via anonymous remailer. Failing
that, use your cell and take snapshots of the screen. Failing that,
write down the data with pen and ink and send it by snail mail.
If I own a file, I can always get the contents to you one way or another.
Blocking chown doesn't help.
--
Let's face it: software is crap. Feature-laden and bloated, written under
tremendous time-pressure, often by incapable coders, using dangerous
languages and inadequate tools, trying to connect to heaps of broken or
obsolete protocols, implemented equally insufficiently, running on
unpredictable hardware -- we are all more than used to brokenness.
--Felix Winkelmann
_______________________________________________
TUHS mailing list
TUHS(a)minnie.tuhs.org
https://minnie.tuhs.org/mailman/listinfo/tuhs