security projects thoughts
Bayard Bell
buffer.g.overflow at googlemail.com
Mon Apr 18 07:02:35 PDT 2011
On 18 Apr 2011, at 14:48, Arno Hautala wrote:
> On Mon, Apr 18, 2011 at 09:38, Daniel J. Luke <dluke at geeklair.net> wrote:
>> On Apr 18, 2011, at 9:27 AM, Arno Hautala wrote:
>>>
>>> So let's say you're for some reason using the MacPorts sudo instead of
>>> the system shipped version (maybe the system version is out of date
>>> and insecure). You're updating your ports at a cafe and someone spoofs
>>> the update for the sudo port.
>>
>> Which method are they using to do this?
>
> Magic? ;-)
> The easiest example is the malicious network operator.
I think we need to temper how the examples are flying: an evil network operator can do egregious damage, but macports isn't exactly the thing end of the wedge for exploiting the implied level of trust.
We need to rewind to providing as a threat model, as was just suggested by Daniel. Security is an iterative and thus economic problem: in a given cycle, you have to pick what to fix, what to mitigate, and what to pass over. You have to survey the general landscape of threats and have some clarity about the residual risk and how attackers might foreseeably adjust. And developing a security feature isn't the same thing as adopting it, which makes for ongoing commitments (which can themselves be exploitable). What the priorities and what costs are we willing to bear in the context of a volunteer organisation, and how do these weigh against identifiable security needs and expectations (which, when mistakes are made, are subject to radical retrospective re-evaluation) of users?
Cheers,
Bayard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1515 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20110418/d37d59d2/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 841 bytes
Desc: This is a digitally signed message part
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20110418/d37d59d2/attachment-0001.bin>
More information about the macports-dev
mailing list