RE: [MiNT] XaAES / GEM memory issues
> -----Original Message-----
> From: Konrad M. Kokoszkiewicz [SMTP:draco@obta.uw.edu.pl]
> Sent: Friday, January 12, 2001 5:47 PM
> To: MiNT mailing list
> Subject: RE: [MiNT] XaAES / GEM memory issues
>
> > Of course not. But I can guarantee that this is a lot safer than not having
> > any checks at all. Especially since F_OS_SPECIAL can't be removed for a long
> > time yet.
>
> For now the only change is that the F_OS_SPECIAL will be strictly root only.
>
I run the AES under non-root accounts all the time. Not because I'm afraid
that I will steal from myself, but to protect my setup from personal errors
and mistakes. This will no longer be possible :-(
Btw. does this really help? What if somebody writes a small application with
a userdef that does nasty things? Or do userdefs run in the context of the
calling application already?
> > You could also write a tiny program that occupies all F_OS_SPECIAL
> > privileges, and then kill this immediately before you start the AES.
> > Of course, anyone could then just crash the AES and then exploit
> > F_OS_SPECIAL, but then *you* could use a daemon that constantly monitors the
> > status of the AES and immediately spawns your little F_OS_SPECIAL-hogging
> > program if it crashes etc...
>
> Sorry, too complex.
>
Indeed. So will the life of average users be if one focuses too much on
theoretical security exploits at the expense of practical safety.
Jo Even Skarstein