From: tomas DOT fasth AT twinspot DOT net (Tomas Fasth)
Subject: Re: Feedback needed on proposed cygwin feature
4 Dec 1997 19:32:14 -0800
Message-ID: <34870542.A0933226.cygnus.gnu-win32@twinspot.net>
References: <199712021608 DOT JAA04416 AT chorus DOT dr DOT lucent DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: gnu-win32 AT cygnus DOT com

Chris Faylor wrote:

> What security considerations are there that are not also present with
> any other scheme, whether it is using extended attributes or setting options
> in the registry?  You would have to have the right privileges to change
> the binary.

The binary is normally a single entity, shared among users. Configuring
a certain  behavior at compile time is just fine, having it modified
after installment is not. It will simply introduce all kinds of
nightmares.

If a user wants to change the behavior of a certain binary, it has to be
done within that particular user's environment only. Otherwise, you will
end up with a situation where no-one can trust current settings and
being forced to check/reset the settings at each and every point of use.

If I remember right, the registry allow user specific entries. Also,
it's nothing new in the Unix environment to have configuration files for
binaries stored within the file system space controlled by current user.
We just have to figure out a viable structure to store such information
into.

> How does a virus detection program detect the difference between installing
> a new version of bash or changing a byte in the existing file?

It does not. At both occations the virus tripwire will be sprung.

But a binary installation is normally a system level activity, or at
least done with an intention to share the binary among some or all of
the users on that system.

A change of a binary's runtime behavior should not require a change to
the binary itself. I'm quite surprised that this option came up in the
discussion in the first place. Everybody having worked in the Unix
environment should realize the obvious security breach such solution
would introduce. NT is certainly not an exception.

I strongly recommend to leave the binary alone.

Tomas
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".