[linux-elitists] random questions

Rick Moen rick@linuxmafia.com
Tue Dec 11 00:38:22 PST 2001

begin  Mike Touloumtzis quotation:

> First, in my feeble defense, I might plead that the earlier paragraphs
> are pretty categorical about the real thwarted danger (running
> programs with system privileges), and these later paragraphs read like
> a gloss.  I think I fired up my argumentation dynamo about when I read
> this sentence: "If you simply never run untrusted executables while
> logged in as the root user (or equivalent), all the 'virus checkers'
> in the world will be at best superfluous; at worst, downright
> harmful."  No matter what comes later, I still feel that's a hard
> assertion to justify.

To be sure, those essays have gotten to be more than a little
ramshackle.  I haven't rewritten them from top to bottom, just added
to the end and revised from time to time. 

The term "superfluous" is indeed an exaggeration:  It's conceivable that
some magic protective program might shield the user from some percentage
of harmful code he might stupidly execute -- while leaving him wide open
to myriad other ways to shoot himself in the foot, and meanwhile
probably creating problems of its own. 

The matter of malware running solely with non-root authority _is_ dealt 
with, further on, as you know.

So, your problem is that you consider an opening statement to be
inaccurate in isolation, even though the sundry holes and objections are
address in what follows.  <shrug>  I can live with that.  It's an
imperfect world.  I aim to give people a big-picture general truth at
the beginning -- one that I regard as vital to get across, because it's
the specific aspect of Unix-ish systems that is most alien to their
experience -- and then fill in all the cracks down below.  Works well
enough for me.

> Second, my previous mail was not all about trying to correct your
> FAQ...

It's an essay.  Calling it a "FAQ" tends to get people's noses out of
joint:  Many of them have some whack-assed notion that anything labelled
a "FAQ" is obliged to reflect, balance, and harmonise all viewpoints
and adopt a tone of unearthly detachment.  

> Third, I went back and read everything again, and it's clearer to
> me now that we have been thinking about basically the same things.
> However, even on (carefully) rereading what you say, I think that
> the FAQ mischaracterizes the threat model by emphasizing minor points
> unnecessarily and by merely alluding to things which I consider to be
> crucially important.

Again, it's an _essay_.  It expresses my view.  (See also:
http://linuxmafia.com/~rick/faq/#opinionated .)  Everything on that page 
does that, and it's astonishing that you would not so understand.  For a
pretence of omniscience and objectivity, one would want to buy an
encyclopaedia, instead.

> Upon rereading the paragraphs on auto-executing macros, I see that I
> can read them in a way which accords more closely with what I wrote,
> but here's what I came away with on my first reading:
> -- Unix programmers are wary about writing programs which automatically
>    run programs/macros which are received via email.
> This is true, but it isn't quite the same thing I was talking about,
> or at least it's a subset.  Windows users aren't just taken unawares by
> auto-executing programs, they _intentionally_ run programs they recieve
> via email, or download from essentially random sites, all the time.
> The whole UI is formulated to encourage this behavior; it's as if your
> mailcap for shell scripts piped them to /bin/sh.

Note that my essay is about viruses and _Linux_ (as an exemplar of Unix).
Its style of exposition is generally to explain what Unix-y code tends
to do, as a set of time-tested healthy habits.  It isn't a laundry list
of all possible bad practices:  That would be a different essay, and a
very long one.  Much less is it about MS-Windows, or its users, or their
personal deficiencies.

>  Based on your reply to me, you have clearly been thinking about this,
>  but nevertheless the FAQ...

It's an essay.

> ...seems only to address programs and macros which auto-execute on
> receipt.

It's an essay that addressses what I consider worth addressing.  But no,
you're wrong.  It does not address just that.

> Everyone agrees (by now, at least) that that behavior is stupid.

It is entirely probable that you aren't in the target audience, Mike.

> Specifically, you state: "If a friend mailed you a script that would
> erase all your files, would you run it?  Of course not."  Well, that's
> the thing: Windows users will, and they won't read those scripts even
> when they come to Linux.

If _you_ were writing an essay, you could presumably spend time ranting
about the bad habits of MS-Windows users.  But this is my essay, and
it's not about MS-Windows users.

  Their only defense will be a system which
> includes a barrier which requires a clue expenditure to convert data
> to code.


Their only defence will be education.  The easy way, or the hard way.
I won't debate this point, either:  It's covered in my essay.

> My main point is not that you should add new material to the FAQ....

It's an essay.

And you haven't cited yet anything that can usefully be added.  Bear 
in mind that I consider the first essay, in particular, to be awfully
long.  If anything, I might aim to work on conciseness.

> ...but that you should remove material that's currently there, since
> it's not as relevant as its presentation indicates.

I assume that by "not as relevant", you are referring to the opening
statement that you object to on grounds of it being overbroad.  But, as
noted, it's not intended to be read in isolation.  If you're going to
pick nits, for ghod's sake, man, pick nits on the basis of the essay
as a _whole_.

> In my reading of those paragraphs (17-19), you seem to assert: "the Unix
> community wouldn't do that, and if they did, the foolishness of those
> programs would quickly become apparent to all".  This is different from
> my assertion that someone _will_ do it and that the resulting program(s)
> might cause widespread harm; you make clear in your reply that you are
> also concerned with this stronger form.

Different from _your assertion_?  Of _course_ it's different from your
assertion!  It's my essay.

My stance is that people _will_ learn not to use such programs, through
either eating the fruit of the Clue Tree, or by attending the school of
hard knocks.  As before, I don't intend to argue:  My essay speaks my 
point for me.  If your view differs, write your own essay.

> chroot jails are still just too damn hard, since too many programs expect
> to run within a real Unix environment with all its bells and whistles.

Feh.  Look:  Whatever it takes.  Exim drops permissions.  Various ftp
daemons on my list (http://linuxmafia.com/pub/linux/security/ftp-daemons) 
drop permissions.  This isn't brain surgery.

>> Likewise addressed in the aforementioned.
> Not in quite the same way, at least as far as I can tell.

Life's imperfect.  My essays don't aim to cover everything; there's not
room, or time.  Or desire on my part.

> As I stated above, it seems like you're only talking about
> auto-executing macros and programs, even if that wasn't your
> intention.

No, that's not the part I was talking about.  I had in mind paragraphs
11-12 (objection #1).

> If you _really_ think that starting a discussion about Linux and viruses
> with fifteen paragraphs about not running code as root is the way to go,
> than I don't think my feedback is going to be useful at all.

User-authority processes enter the discussion starting in paragraph
five.  Please, don't waste your time and mine on dumb polemics.

> Again, I read the essay, and even modulo the mention of auto-executing
> code, I still feel it misleads its readers.

And I think you're still not reading attentively.  But you're welcome to
write your own.  Go crazy with it.

And, sorry, but I have no more time for this.

This message falsely claims to have been scanned for viruses with F-Secure
Anti-Virus for Microsoft Exchange and to have been found clean.

More information about the linux-elitists mailing list