[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Securing ActiveX.



On Mon, 16 Dec 1996, Blake Coverett wrote:

> This thread branch seems to be based on bad assumption.  Why would
> one want to run ActiveX controls in a sandbox?  If you need a sandbox,
> use a Java applet, if you need native code level access to the system
> use ActiveX.

To prevent ActiveX controls from formatting your hard drive while still 
being able to run native code to do fast DES cracking, why else?  
Sandbox!=Virtual CPU emulator.  Sandboxes work at the supervisor/user CPU 
level deciding which calls are cool and which will result in a core dump.

...

> Digitally signed code, a la ActiveX, is another approach to the same problem.  
> If the digital signatures and infrastructure around them are sound, which they 
> appear to be for ActiveX, this is also a useful solution.  The built-in gotcha 
> with this model is the all or nothing nature, either I trust the software publisher 

Viruses can sneak into software.  Given enough time you will see them 
sneak into compilers which will then happily create virus infected or 
trojan loaded controls which will be happily signed.  I'll leave the test 
of that scenario up to your imagination.  There were cases of viruses 
making their way to production distributed disks back a few years ago 
because people weren't watching carefully enough.

Or you may find that shareware control authors won't bother to sign their
controls, etc...  Same situation.  At some point trust or no trust, once
your hard drive is wiped, so is the record of the signature that says "The
last control you downloaded came from XYZ.com and was written by Vulis." 

> An equivalent Unix problem would be to allow an open-access guest
> account with the ability to transfer in and execute arbitrary binaries.
> While doing this securely may be possible in theory I don't think the 
> state of the art is up to it today.  (I sure wouldn't allow it on my system.)

Right, so if that's the case, why would you allow ActiveX controls to run 
on your system?  It's the same problem whether signed or not as 
signatures only tell you the author's identity and not much else.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|[email protected]|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================