1996-12-18 - RE: Securing ActiveX.

Header Data

From: Ray Arachelian <sunder@brainlink.com>
To: Blake Coverett <blake@bcdev.com>
Message Hash: f0ce1a016be08e24d1f0bac021df48648eef01a9d688dcf342b0e510c598c93b
Message ID: <Pine.SUN.3.91.961218131417.12175E-100000@beast.brainlink.com>
Reply To: <01BBEC70.68E48680@bcdev.com>
UTC Datetime: 1996-12-18 18:16:16 UTC
Raw Date: Wed, 18 Dec 1996 10:16:16 -0800 (PST)

Raw message

From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 18 Dec 1996 10:16:16 -0800 (PST)
To: Blake Coverett <blake@bcdev.com>
Subject: RE: Securing ActiveX.
In-Reply-To: <01BBEC70.68E48680@bcdev.com>
Message-ID: <Pine.SUN.3.91.961218131417.12175E-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain

On Tue, 17 Dec 1996, Blake Coverett wrote:

> It's not a Java vs ActiveX thing for me at all.  What is important is that
> some of the applets I write can't function in a sandbox, they need access
> to the disk and other resources for business reasons.  For this type of
> thing signed code without a sandbox is the only choice.

Sure they can.  Get a file system that honors security and limit that 
applet's access to certain directories only where the data it needs 
lives.  Do not give it access to everything.  A sandbox will allow this.
> What I'd really like is the sort of thing Bill Frantz is describing on 
> another branch of this thread.  Signed code and an administrator 
> defined policy that specified for a given signature exactly what 
> types of resources should be accessible.  Anything from don't
> execute and audit a security alarm to complete access to the
> whole machine.

Same difference whether you use the signature or some other thing to 
grant or revoke access to certain resources.  Though if you use a 
signature as in the author who wrote it as opposed to something like a 
CRC which is unique for every control - then you are opening a wider hole 
than you want.  With apps like that you want to set security perms for 
each application, not all applications that were written by Macrosoft. :)
> > How many users know how to download the jdk and run the java vm locally?  
> They don't need to.  All they need to do is unzip the java classes into their 
> classpath and all of the normal restrictions on an applet are ignored.  
> Think it would be very hard to persuade a user to do just that in order
> to play a kewl java game?  More importantly it shows that even expert
> users don't always know where the holes in the sandbox are.

Fine - how many game users who how to unzip the java classes into their 
classpath?  Question is of knowledge not of what action they will take.

.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================