From mboxrd@z Thu Jan 1 00:00:00 1970 From: szigiszabolcs@gmail.com (SZIGETI Szabolcs) Date: Mon, 13 Jan 2014 17:53:03 +0100 Subject: [TUHS] History of chown semantics In-Reply-To: <20140113161506.GA31756@mercury.ccil.org> References: <20140109191336.GD24304@mercury.ccil.org> <5128EE1B-28A2-4D5E-AE32-BEC6652DF1A1@tfeb.org> <20140110171819.GA14513@mercury.ccil.org> <8F58DE51-60E5-4E41-AAEF-78CAC3C08DBC@tfeb.org> <20140113070543.GC22593@mercury.ccil.org> <9D0D12F6-B198-4793-8501-E366FC7E5CB1@tfeb.org> <20140113161506.GA31756@mercury.ccil.org> Message-ID: Well, with the same reasoning, we don't need passwords or protection bits on files, since I can always take a piece of steel pipe and beat the owner, until he gives out the data, so why bother? Blocking chown for general users is one level of several controls. Given the need, it is always possible to thwart an attack, with additional controls. And of course, given a set of controls, is is always possible to find an attack that will be successful. It all depends on the cost of the protection, the attack and of the data being protected. Szabolcs 2014/1/13 John Cowan > Tim Bradshaw scripsit: > > > For instance imagine I want to pass some customer data to which I have > > access to you, who con't have access, for purposes of malice. > > Download the file and mail it to me via anonymous remailer. Failing > that, use your cell and take snapshots of the screen. Failing that, > write down the data with pen and ink and send it by snail mail. > > If I own a file, I can always get the contents to you one way or another. > Blocking chown doesn't help. > > -- > Let's face it: software is crap. Feature-laden and bloated, written under > tremendous time-pressure, often by incapable coders, using dangerous > languages and inadequate tools, trying to connect to heaps of broken or > obsolete protocols, implemented equally insufficiently, running on > unpredictable hardware -- we are all more than used to brokenness. > --Felix Winkelmann > _______________________________________________ > TUHS mailing list > TUHS at minnie.tuhs.org > https://minnie.tuhs.org/mailman/listinfo/tuhs > -------------- next part -------------- An HTML attachment was scrubbed... URL: