Re: outside evil vs. the user (was: Please read if you use x86 -current)

[Antti Kantee <pooka%cs.hut.fi@localhost>]

On Thu Nov 13 2008 at 14:43:42 -0500, Greg A. Woods; Planix, Inc. wrote:
> 
> On 13-Nov-2008, at 8:44 AM, Antti Kantee wrote:
> 
> >Second, I am more concerned about outside evil, not so much the user
> >trying to exploit his own machine.  Of course multiuser machines are
> >another thing, but as I already said in the previous paragraph, I do
> >not agree with your concern there either.
> 
> When people talk about security vulnerabilities and use phrases like  
> "the user" they mean a process acting at the privilege level of the  
> average user.
> 
> However it may not be a process the human user intended to run, or it  
> may not be doing something the human user intended it to do.
> 
> I.e. these concerns are part of a security threat model involving  
> "outside evil" as you say.  Users are not always in as direct a  
> control over what they do on their own machines as you seem to suggest/ 
> hope they might be.
> 
> Think phishing attacks, worms, viruses, buffer overflows, etc., etc.,  
> etc.  The vector is irrelevant beyond the fact that it causes code to  
> run as the user which the user did not intend to run.  These are all  
> examples of "the user" doing something to (try to) compromise security  
> of their own machine, whether they realize it or not.

"outside evil" in this case is an evil file system image very much likened
to a phishing attack, worm, virus, ...  - something that compromises the
system's security in an unexpected way for the user e.g. when mounting it.
We agree on this one.

By "the user *trying* to exploit" I meant the user consciously trying
to break the system, not accidentally.