Re: Working Within the System

From: Michael S. Lorrey (
Date: Sun Apr 30 2000 - 18:30:43 MDT

Matt Gingell wrote:
> On Sun, 30 Apr 2000, Michael S. Lorrey wrote:
> >Additionally, there is no problem with making a runtime that disallows
> >(or allows the user to disallow) certain types of system functions, just
> >as Java does. So the only security hole is due to the release of an
> >unready implementation. That is a typical Microsoft fault, premature
> >releasing things. I'm sure that many of those suffering from Bill-envy
> >will extend that failure to his personal life.
> It's quite a bit deeper than that. The ActiveX security philosophy is based on
> authentication certificates - you trust the program because you know who the
> author was. In Java, you trust the program because it runs in an emulated sandbox
> and cannot possibly do things the vm won't let it do.
> What an ActiveX program can do isn't a function of the ActiveX runtime, it's a
> function of what the operating system does when an executable program accesses
> one of the kernel interfaces. So far as I know, there's no system in Win95
> for running programs with some particular set of privileges. Making ActiveX
> programs as safe and flexible as Java programs would require a substantial
> amount of operating system support, and it's a bit misleading to suggest 'the
> only security hole is due to the release of an unready implementation.'

Windows is not incapable of privilege levels or access restrictions. It
is merely installed by the typical user without any. That is a matter of
laziness rather than lack of capability. Any proper and secure ActiveX
installation should allow you to set up such security (which would also
alleviate a lot of the other security holes typical of Windows use to
access the internet.)

However, let's say you create a runtime to run ActiveX on a linux/unix
environment. Because that environment specifically allows privilege
levels and access restrictions, you can build this capability into the
runtime, such that it can interpret an ActiveX applet as being a user,
group, or world level of access, and ban root from executing ActiveX.
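The runtime sketched in the last paragraph, as an added example in C that is not part of this message or thread: a Unix launcher that maps an applet's user/group/world level to an identity, refuses to act for a root caller, and drops privileges irreversibly before exec. The level-to-identity mapping, the launcher being installed setuid-root so it can switch ids, and the 65534 sandbox ids are assumptions.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed mapping of the post's "user / group / world" levels (not from the page). */
enum access_level { ACCESS_USER, ACCESS_GROUP, ACCESS_WORLD };

/* Placeholder ids for an unprivileged sandbox account; a real runtime would look them up. */
#define SANDBOX_UID ((uid_t)65534)
#define SANDBOX_GID ((gid_t)65534)

/* The post's rule: a root caller is never allowed to execute an applet. */
int runtime_may_run_as(uid_t caller_uid) { return caller_uid != 0; }

/* Decide which identity the applet runs under. USER keeps the caller's own ids,
 * GROUP keeps only the caller's group, WORLD gets nothing of the caller's. */
int resolve_identity(enum access_level lvl, uid_t caller_uid, gid_t caller_gid,
                     uid_t *uid, gid_t *gid) {
    if (!runtime_may_run_as(caller_uid)) return -1;
    switch (lvl) {
    case ACCESS_USER:  *uid = caller_uid;  *gid = caller_gid;  break;
    case ACCESS_GROUP: *uid = SANDBOX_UID; *gid = caller_gid;  break;
    case ACCESS_WORLD: *uid = SANDBOX_UID; *gid = SANDBOX_GID; break;
    default: return -1;
    }
    return 0;
}

/* Drop to the resolved identity. Order matters: supplementary groups, then gid,
 * then uid, because after setuid() to a non-root id the earlier calls would fail. */
int drop_to(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;                    /* never "drop" to root */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;                          /* drop must be irreversible */
    return (getuid() == uid && geteuid() == uid && getgid() == gid) ? 0 : -1;
}

/* Launch the component under the mapped identity; returns only on failure.
 * The ban is applied to the real uid, so a setuid-root launcher still refuses root. */
int launch_applet(const char *path, char *const argv[], enum access_level lvl) {
    uid_t uid; gid_t gid;
    if (resolve_identity(lvl, getuid(), getgid(), &uid, &gid) != 0) {
        fprintf(stderr, "refusing to run %s: caller is root or level invalid\n", path);
        return -1;
    }
    if (drop_to(uid, gid) != 0) return -1;
    execv(path, argv);
    return -1;                                              /* exec failed */
}
```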

This archive was generated by hypermail 2b29 : Thu Jul 27 2000 - 14:10:01 MDT