RE: Securing ActiveX.
Ray wrote:
And I'd be happier running the signed ActiveX control, written by Peter Trie, or anyone else within a Sandbox regardless of signature as it increases security.
We're in violent agreement here Ray. Sandboxes are good, signed code is good, having both is very good. We differ on the relative importance of the two techniques but I suspect that is because we are coming from different contexts. My work is all intranet so the users trust the software produced for them by definition. Obviously the factors are different on the net at large.
The above says that you wouldn't want to run ActiveX in a sandbox while you would want to run Java in a sandbox. The difference between technologies is that one runs native the other emulative. I wouldn't want to run ANY foreign code outside a sandbox. Java or ActiveX.
It's not a Java vs ActiveX thing for me at all. What is important is that some of the applets I write can't function in a sandbox, they need access to the disk and other resources for business reasons. For this type of thing signed code without a sandbox is the only choice. What I'd really like is the sort of thing Bill Frantz is describing on another branch of this thread. Signed code and an administrator defined policy that specified for a given signature exactly what types of resources should be accessible. Anything from don't execute and audit a security alarm to complete access to the whole machine.
The whole point of this was creating a distributed network of DES crackers.
Yes, but in good cypherpunk fashion I've hijacked the original topic into a new direction. :-)
If you choose to run an unsigned control all bets are off. On a related note, I recently saw a Java implementation of a board game that recommended the user download the zipped up .classes and run it locally. How many average users realize this would disable the Java sandbox entirely?
How many users know how to download the jdk and run the java vm locally?
They don't need to. All they need to do is unzip the java classes into their classpath and all of the normal restrictions on an applet are ignored. Think it would be very hard to persuade a user to do just that in order to play a kewl java game? More importantly it shows that even expert users don't always know where the holes in the sandbox are.

regards,
-Blake
On Tue, 17 Dec 1996, Blake Coverett wrote:
It's not a Java vs ActiveX thing for me at all. What is important is that some of the applets I write can't function in a sandbox, they need access to the disk and other resources for business reasons. For this type of thing signed code without a sandbox is the only choice.
Sure they can. Get a file system that honors security and limit that applet's access to certain directories only where the data it needs lives. Do not give it access to everything. A sandbox will allow this.
What I'd really like is the sort of thing Bill Frantz is describing on another branch of this thread. Signed code and an administrator defined policy that specified for a given signature exactly what types of resources should be accessible. Anything from don't execute and audit a security alarm to complete access to the whole machine.
Same difference whether you use the signature or some other thing to grant or revoke access to certain resources. Though if you use a signature as in the author who wrote it as opposed to something like a CRC which is unique for every control - then you are opening a wider hole than you want. With apps like that you want to set security perms for each application, not all applications that were written by Macrosoft. :)
How many users know how to download the jdk and run the java vm locally?
They don't need to. All they need to do is unzip the java classes into their classpath and all of the normal restrictions on an applet are ignored. Think it would be very hard to persuade a user to do just that in order to play a kewl java game? More importantly it shows that even expert users don't always know where the holes in the sandbox are.
Fine - how many game users know how to unzip the java classes into their classpath? Question is of knowledge not of what action they will take.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\.
..\|/..|sunder@sundernet.com|boots on; If you're gonna try, just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/.
.+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================
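
Added example, not part of either post: the thread contrasts an administrator-defined policy keyed on the code signer with one keyed on each individual control (a per-control checksum), with "don't execute and audit" as one end of the range. The Python below compares the two; the class, the signer name, the resource string and the control bytes are all constructed for illustration, and the signer is assumed to have been verified already.

```python
import hashlib

def digest(code: bytes) -> str:
    """Identity of one specific control: SHA-256 of its bytes."""
    return hashlib.sha256(code).hexdigest()

class ResourcePolicy:
    """Administrator-defined grants; anything unmatched is denied and audited."""

    def __init__(self):
        self.by_digest = {}   # exact control -> allowed resources
        self.by_signer = {}   # every control from a signer -> allowed resources
        self.audit = []       # (digest prefix, signer, matched rule, grants)

    def grant_control(self, code: bytes, resources):
        self.by_digest[digest(code)] = frozenset(resources)

    def grant_signer(self, signer: str, resources):
        self.by_signer[signer] = frozenset(resources)

    def decide(self, code: bytes, signer: str) -> frozenset:
        # Assumption: `signer` comes from a signature that was already
        # verified; verification itself is outside this example.
        d = digest(code)
        if d in self.by_digest:
            rule, granted = "control", self.by_digest[d]
        elif signer in self.by_signer:
            rule, granted = "signer", self.by_signer[signer]
        else:
            rule, granted = "default-deny", frozenset()
        self.audit.append((d[:12], signer, rule, sorted(granted)))
        return granted

# Constructed sample inputs: two controls from the same hypothetical signer.
PAYROLL = b"payroll-applet v1 (constructed bytes)"
GAME = b"board-game applet (constructed bytes)"
SIGNER = "ExampleCorp"
DISK = "read:/data/payroll"

def compare_policies():
    per_signer, per_control = ResourcePolicy(), ResourcePolicy()
    per_signer.grant_signer(SIGNER, [DISK])
    per_control.grant_control(PAYROLL, [DISK])
    return {
        "signer_rule_game": per_signer.decide(GAME, SIGNER),
        "control_rule_game": per_control.decide(GAME, SIGNER),
        "control_rule_payroll": per_control.decide(PAYROLL, SIGNER),
        "control_rule_patched": per_control.decide(PAYROLL + b"!", SIGNER),
    }
```

Under the signer-keyed rule the unrelated game inherits the payroll disk grant; under the per-control rule only the exact payroll bytes get it, and a modified copy falls through to default deny with an audit entry.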