Re: Viruses
This should be one of the items that the linux standardization project
should take into account.  For normal users on a single-user platform,
requiring that all binaries be installed in /usr/bin should be considered a
security risk.  These locations should probably only be used for protected
system files.  Perhaps most programs should normally be installed in
/usr/local with the UID of the person installing them with global
read/execute and recommend only writing in /usr/bin for PGP protected
packages.

The biggest difference I see between a Windows 95/98 world and unix/linux
is that the security framework is there for linux/unix, while it is almost
completely lacking in win95/98.  With due care, most people should feel
confident that a virus won't destroy their system, though a hijacked
installation script may destroy their home directory structure.

There's an interesting thread on kernelnotes about a new model for an OS
that implements "capabilities", which has been implemented in the EROS
project.  In this model, a program has to request capabilities to perform
any action.  You can specify what capabilities a process can own, thus
ensuring that a rogue program will not have access to any files/system
functions that it shouldn't.  The point I got from the thread was that a
filesystem is a security hole on any system - once you get write access you
can pretty much wipe out whatever your UID has privilege to, regardless of
whether the program you've corrupted would need access to that functionality.  See
www.eros-os.org for a better description of how it's supposed to work, or read
the thread at http://www.kt.opensrc.org/kt19990701_25.html
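As an added example (not part of the original post), a POSIX shell audit that checks program directories for the tampering risk the post describes: binaries or directories that a non-owner can write to, or that belong to someone other than the expected owner. The function name `audit_bindirs`, the trusted-UID argument and the reliance on GNU find's `-perm /mode` are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: flag entries in program
# directories that an unprivileged user could replace or modify.  An entry is
# reported when it is writable by group or others, or when its owner is not
# the trusted UID you pass in (0 for a root-managed /usr/bin).  The directory
# itself is checked too: a writable directory lets anyone swap a binary no
# matter how the file is protected.  Requires GNU find (-perm /mode, -printf).
#
# Usage: audit_bindirs TRUSTED_UID DIR...
# Prints "reason<TAB>path (mode, uid)" per finding; returns the finding count
# (capped at 255 because of the shell's exit-status range).
audit_bindirs() {
    trusted_uid=$1
    shift
    findings=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "skip: $dir is not a directory" >&2
            continue
        fi

        # The directory: group/other writable or owned by someone untrusted.
        dir_hit=$(find "$dir" -maxdepth 0 \
                    \( -perm /022 -o ! -uid "$trusted_uid" \) -printf '%m %U\n')
        if [ -n "$dir_hit" ]; then
            printf 'untrusted-dir\t%s (mode %s, uid %s)\n' "$dir" $dir_hit
            findings=$((findings + 1))
        fi

        # Regular files directly inside it (symlinks are not followed).
        out=$(find "$dir" -mindepth 1 -maxdepth 1 -type f \
                \( -perm /022 -o ! -uid "$trusted_uid" \) -printf '%m %U %p\n')
        [ -n "$out" ] || continue
        printf '%s\n' "$out" | while read -r mode uid path; do
            if [ "$uid" != "$trusted_uid" ]; then
                reason=untrusted-owner
            else
                reason=writable-file
            fi
            printf '%s\t%s (mode %s, uid %s)\n' "$reason" "$path" "$mode" "$uid"
        done
        findings=$((findings + $(printf '%s\n' "$out" | wc -l)))
    done
    [ "$findings" -gt 255 ] && findings=255
    return "$findings"
}
```

Run it as `audit_bindirs 0 /usr/bin /usr/local/bin` to audit the system directories the post discusses; constructed directories are used in the test rather than real system paths.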
