Gonzo Granzeau <gonzoat_private> writes:
>
> What's really funny is how often programs with 'secure' in the title usually
> have a few more security problems than normal... `8r)

I agree that it is amusing, in a cynical sort of way. My experience is that it is almost certainly because the authors (and I am NOT casting stones at any particular person here) miss the fundamental rule:

    The security of a program should be measured by how it is used, and not how it is written.

Most people will have installed a new, high-security feature only to discover that they have actually reduced security, because they didn't have time to study the complete documentation or misunderstood it. For example, hands up everyone who has gone around removing the setuid bit, and included xterm :-(

The user interface AND CHECKING FOR USER ERRORS are as much part of the security of a program as the way that it manipulates privileges. But regrettably few programmers think that it is their business to protect hassled and tired system administrators from their own (often stupid) mistakes.

Regards,
Nick Maclaren,
University of Cambridge Computing Service,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Email: nmm1at_private
Tel.: +44 1223 334761 Fax: +44 1223 334679

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:45 PDT