____/ William Poaster on Tuesday 20 November 2007 16:41 : \____
> BearItAll wrote:
>
>> Peter Köhlmann wrote:
>>
>>>
>>> http://www.heise-security.co.uk/news/99257
>>>
>>> Again one can see that Apple "quality" is about the same as "MS quality"
>>>
>>
>> I didn't know Apple Macs were susceptible to that sort of attack, I still
>> tend to think of Apples as being UNIX-Like, at least in security.
>
> Apple is about 85% FreeBSD & the rest is Apple's junk bolted on. As that is
> their proprietary SW, who knows wtf it contains. It's probably why Paul
> Hudson of FuturePublishing says that their Apple Macs crash at least once a
> day.
>
> I have the latest FreeBSD release on another machine, & that *doesn't* crash.
> As they say..."Go figure"..
>
> Most BSD-users don't consider Apple's SW a BSD, & don't rate it at all.

On top of the BSD stack you're left with /heaps/ of proprietary software. If
you consider OS X _as a whole_, BSD is just a fragment. In Debian GNU/Linux,
for example, Linux only accounts for 2 or 3 percent of the code.

>> Wouldn't you think that by now MS and Apple, if they are going to insist on
>> executing straight from emails, would have wrapped these in a little
>> application cage, or at the very least keep them inside the java vm.
>>
>> Am I getting cynical as I get older, but I can't help feeling that a patch
>> for this specific one mentioned will simply try to examine the file further
>> to decide if it is a picture or not.
>>
>> Caging wouldn't be difficult, there is only so much executing that makes
>> sense directly from an email, such as the caged launch of a picture or file
>> viewer, it could even allow for editors inside the cage to edit and return
>> email contents.
>>
>> I wonder if Apple still has enough UNIX in it to allow for multiple
>> directory caged root levels, I should imagine that in many cases a
>> structure that only exists temporarily in ram would do the job.
>
>
>
--
~~ Best of wishes
Roy S. Schestowitz | Useless fact: the buttocks is the largest muscle
http://Schestowitz.com | RHAT Linux | PGP-Key: 0x74572E8E
23:20:02 up 21 days, 3:18, 4 users, load average: 1.93, 1.32, 1.48
http://iuron.com - Open Source knowledge engine project