
/tech/ - Technology


[Image: 1406155552042.jpg]

 No.1015582>>1016195 >>1016213

>Not running literally everything with admin privileges

Tell me please, what possible downsides are there to operating your system in this manner?

I often see people describing the disabling of UAC, for example, as putting yourself at risk; what you'd be in danger of is never specified, and I have a strong suspicion that the cocksuckers typing this shit aren't running CommonSense AntiVirus Enterprise Edition.

 No.1015584>>1015589

commonsense comes with not running everything as an admin pre-installed.


 No.1015589>>1015599 >>1015783

Common practice among actual retards is to run everything as a single non-admin/non-root user. It's absolutely pointless since in both Windows and UNIX you can use Read/WriteProcessMemory or ptrace to access/change anything you want in any process and you have access to all his files. When I first got into the software industry I told someone this and he literally got angry after having his 3 non-arguments rebuked. These same faggots will SSH into machines on LAN and internet and accept the key (with no verification), and redo this process about 10 times a year due to losing memory. So they waste all their time typing their password after "sudo vim /etc/blah" and then when it comes to something that matters like verifying cryptographic keys they just shrug it off. Tech is retards.

UAC is FULL RETARD. Literally pointless. I forgot that shit exists until recently installing Windows 7 Home Basic on a machine. All these UNIX braindamages just train the user to think security is cumbersome. This is why for decades the standard way to pwn someone's machine was to put a signed Java applet on a page you know they'll visit, and when Sun's dumbfucking warning comes up (which if you answer yes, grants full privileges to the applet) the user cannot understand what idiosyncratic nonsense is written there and just clicks yes.

One of these actual retards: >>1015584


 No.1015599>>1015610 >>1015615

>>1015589

Holy fucking shit, how can you be so retarded? None of these functions can access a process run by another user. sudo runs as root thanks to SUID, and even if you're running Xorg as a user there's CAP_SYS_PTRACE, and on Windows the whole UAC and graphics stack runs in privileged mode and you even go into a special mode which prevents other processes injecting mouse or keyboard input (on Linux the attacker would have to know the password to gain access through simulated user input).


 No.1015610>>1015615 >>1015705 >>1016228

>>1015599

It's the UNIXisEBEL shill.

I find it more unusual that he forgot his quotes from some old mailing list no one knows of he normally puts in a code box.

Admin/User system works under Windows unless a CPU exploit is used for privilege leveling or simulated keyboard events just press enter when the admin notification comes up.

When typing in the password is disabled(default) getting Admin rights with user rights is easy but one can turn that off.

Let's be honest. You should just know what you're about to run before you run it then you don't have to trust shitty privilege systems.


 No.1015615>>1015684 >>1015711 >>1015727

>>1015599

>sudo runs as root

And your shell runs as your own user, dickfuck. Not to mention malware running as you already has access to ~, so getting root isn't even interesting. Think about the consequences of that for a while before posting again.

UAC has never stopped such attacks. Even if it did, it would just give the user an obscure UAC popup which he would answer yes to. You're gonna have to refer to a specific system at this point because last time I checked, Windows, Fedora, and Ubuntu were all vulnerable as soon as malware runs as your own user, and thus privileges are pointless.

>>1015610

>Let's be honest. You should just know what you're about to run before you run

false but true under broken UNIX systems

>shitty privilege systems.

true under broken UNIX systems


 No.1015684>>1015711

>>1015615

> Not to mention malware running as you already has access to ~

Not necessarily. With something like OpenBSD's pledge/unveil, you can restrict a program to the bare minimum it needs to function. In the case of a web browser like Lynx, you could have its only access to the filesystem be its own config files and a subdirectory for saving files to like ~/downloads. If it ever tries to access anything more, the kernel kills it.


 No.1015705

>>1015610

There are also some files that are hardcoded to not pop up the UAC dialog and automatically accept. This is the way some of the UAC bypass exploits work.


 No.1015711>>1016228

>>1015684

Let's be real, almost no one does this.

Most linux distros should by default run one process under one restricted user by default. Android does a better job at utilizing the UNIX permission model than any real linux distro, completely unacceptable.

>>1015615

>true under broken UNIX systems

There is nothing wrong with UNIX permission system, people just don't use it correctly.


 No.1015727>>1015749

>>1015615

>And your shell runs as your own user, dickfuck

The shell doesn't supply the password to sudo you fucking retard. Whenever the shell launches sudo its stdin is connected directly to the terminal emulator. Bash or whatever shell you're using can't see or modify the IO for a child that's running as root.

The only non-privileged programs the password goes through is your terminal emulator (if it's not a system console) and possibly your Xorg server, but again, on a correctly configured system ptrace is disabled by default. Feel free to try it yourself if you want, on Ubuntu you can't attach gdb to a running process on a default install unless you log in as root and change CAP_SYS_PTRACE.

>Not to mention malware running as you already has access to ~, so getting root isn't even interesting.

Not the point of my post, retard. I never said anything about access to the filesystem. That said, the point of not running as root is that the malware can't hide itself. It'll show up on a process list. It'll show up on a ls -a. If it tries to encrypt or delete your files, they'll show up as corrupted or missing as soon as it begins happening, giving you an opportunity to notice what's happening before it's too late. You can reboot, log in as root and easily remove the malware.

>last time I checked, Windows, Fedora, and Ubuntu were all vulnerable as soon as malware runs as your own user

Oh, yeah, if we can't fully verify the code the user is running is trustworthy, let's run it with full privileges anyway. What's the point of limiting the damage, right? Let the malware run for months siphoning every password, having the time to send every file to the attacker, and transparently encrypt every file on the system, all while the user and antivirus software being none the wiser because everything is hidden by intercepting system calls at the kernel level.

>Even if it did, it would just give the user an obscure UAC popup which he would answer yes to

Only if you're retarded. Unless you're installing an admin tool or a system wide program, there'd be no reason for that shit to pop up, and even the average normalfag would click "no" if the question came out of nowhere (for instance if a javascript program managed to exploit the browser and perform an arbitrary code injection).
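
The dispute in the posts above over whether one process can ptrace another comes down to credentials plus, on Linux, the Yama `kernel.yama.ptrace_scope` sysctl (Ubuntu's default install sets it to 1). The following is an added example, not part of any post: a simplified Python model of that attach decision. The `Proc` fields and sample processes are constructed here, and a real kernel applies further checks (full uid/gid comparison, other LSMs).

```python
from dataclasses import dataclass
from typing import Optional, Tuple

YAMA_SCOPE_FILE = "/proc/sys/kernel/yama/ptrace_scope"


def read_scope(path: str = YAMA_SCOPE_FILE) -> Optional[int]:
    """Return the live Yama setting, or None when Yama is not available."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


@dataclass(frozen=True)
class Proc:
    """Constructed description of a process; every field is illustrative."""
    pid: int
    uid: int
    ancestors: Tuple[int, ...] = ()         # parent, grandparent, ... pids
    cap_sys_ptrace: bool = False            # holds CAP_SYS_PTRACE
    dumpable: bool = True                   # cleared by a setuid exec, for example
    declared_tracer: Optional[int] = None   # pid named via prctl(PR_SET_PTRACER)


def may_attach(tracer: Proc, target: Proc, scope: Optional[int]) -> Tuple[bool, str]:
    """Simplified model of the PTRACE_ATTACH decision under Yama."""
    scope = 0 if scope is None else scope   # no Yama: classic rules only
    if scope == 3:
        return False, "scope 3: attach disabled for everyone"
    if tracer.cap_sys_ptrace:
        return True, "tracer holds CAP_SYS_PTRACE"
    if scope == 2:
        return False, "scope 2: CAP_SYS_PTRACE required"
    # Classic (pre-Yama) checks: same user, target still dumpable.
    if tracer.uid != target.uid:
        return False, "different uid"
    if not target.dumpable:
        return False, "target is not dumpable"
    if scope == 0:
        return True, "scope 0: any same-uid process may attach"
    # Scope 1: only ancestors of the target, or a tracer the target declared
    # (the declared tracer's own descendants count as well).
    if tracer.pid in target.ancestors:
        return True, "scope 1: target is a descendant of the tracer"
    if target.declared_tracer is not None and (
        target.declared_tracer == tracer.pid
        or target.declared_tracer in tracer.ancestors
    ):
        return True, "scope 1: target declared this tracer"
    return False, "scope 1: unrelated same-uid process"


# Constructed processes for the cases argued about in the thread.
UNRELATED = Proc(pid=4242, uid=1000, ancestors=(1,))           # same user, no relation
TERMINAL = Proc(pid=3100, uid=1000, ancestors=(1,))            # terminal emulator
SUDO = Proc(pid=3200, uid=0, ancestors=(3150, 3100, 1), dumpable=False)
GDB = Proc(pid=5000, uid=1000, ancestors=(3150, 3100, 1))
DEBUGGEE = Proc(pid=5001, uid=1000, ancestors=(5000, 3150, 3100, 1))
ROOT_DBG = Proc(pid=6000, uid=0, cap_sys_ptrace=True)

if __name__ == "__main__":
    print("live ptrace_scope:", read_scope())
    cases = [
        ("unrelated -> terminal", UNRELATED, TERMINAL),
        ("unrelated -> sudo", UNRELATED, SUDO),
        ("gdb -> its child", GDB, DEBUGGEE),
        ("gdb -> running terminal", GDB, TERMINAL),
        ("root debugger -> terminal", ROOT_DBG, TERMINAL),
    ]
    for scope in (0, 1, 2, 3):
        for label, tracer, target in cases:
            ok, why = may_attach(tracer, target, scope)
            print(f"scope={scope} {label:28} {'ALLOW' if ok else 'DENY '} ({why})")
```
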


 No.1015749>>1015765 >>1015772

>>1015727

>Whenever the shell launches sudo its stdin is connected directly to the terminal emulator.

Which is an X11 client running as the same user as you.

Last time I checked, you could simply attach strace to gksu and see the password when the user types it.

You're the retard for thinking UNIX provides anything more than discretionary access control.

>Xorg server, but again, on a correctly configured system ptrace is disabled by default.

Are you one of those faggots who changes the definition of "correct configuration" every week when you learn about a new vuln? 10 years ago _nothing_ was using caps. And right now, no matter how your system is configured, I could literally just modify your bashrc to load a fake version of sudo or any other program. But still, this doesn't matter, because I'm not even interested in getting root, since I already have all your documents.

Again, your problem is that you think UNIX has anything more than DAC.

>That said, the point of not running as root is that the malware can't hide itself. It'll show up on a process list.

Wrong again, moron. It can be embedded into programs in a million different ways. A simple way is to load itself into a Python program (by overriding the module path or something like that). Also note that all your programs are written in C. So they all are full of code execution vulns. Since it's too hard for UNIX niggers to make sure there are no execution vulns, they DO NOT audit code that parses files in ~. Thus it's simple to find a code execution vuln and inject your code into something by making a malformed .nignogrc which some C program called nignog will use.

>Oh, yeah, if we can't fully verify the code the user is running is trustworthy, let's run it with full privileges anyway. What's the point of limiting the damage, right?

The point went over your head dickfuck. Your snakeoil privileges are not real privileges. Running some shit as your own user is literally equivalent to running everything as root, for reasons stated above.

<all while the user and antivirus software being none the wiser because everything is hidden by intercepting system calls at the kernel level.

>implying A/V is useful

>implying it's not trivial to write a universal A/V bypass

>implying A/V has any purpose other than to reduce number of bots in a botnet

Note: All my posts did not mention servers. Servers use DAC, so they are sound (aside from implementation faults, like kernel privilege escalation vulns). Apache is a separate user from MySQL, etc.

>Unless you're installing an admin tool or a system wide program, there'd be no reason for that shit to pop up,

There are plenty of reasons you fucking oblivious nignog. I'm sure direct X triggers it. Steam overlay might trigger it because it injects code. Fraps might trigger it because it injects code. It comes up for literally 100s of different reasons, just like all of the "muh HIPS based firewall". That fucking meme died in 2006 after a few months of life, and you're still defending it.
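
The rc-file shadowing of sudo described in the post above is something a defender can check for. As an added example (not from the thread), this Python audit scans shell startup file text for aliases or functions that shadow sensitive commands and for PATH entries placed ahead of the system directories; the watched command list, trusted directory list and sample rc content are assumptions constructed here.

```python
import re

# Assumed lists for this example: commands worth protecting and the
# directories a stock system is expected to resolve them from.
WATCHED = ("sudo", "su", "doas", "ssh", "gpg")
TRUSTED_DIRS = ("/usr/local/sbin", "/usr/local/bin", "/usr/sbin",
                "/usr/bin", "/sbin", "/bin")

ALIAS_NAME_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.-]+)=")
FUNC_RE = re.compile(
    r"^\s*(?:function\s+([A-Za-z0-9_.-]+)|([A-Za-z0-9_.-]+)\s*\(\s*\))")
PATH_RE = re.compile(r"^\s*(?:export\s+)?PATH=(['\"]?)(.*?)\1\s*$")


def prepended_dirs(value):
    """Return PATH entries that win over the system dirs and the old $PATH."""
    found = []
    for entry in value.split(":"):
        if entry in ("$PATH", "${PATH}") or entry in TRUSTED_DIRS:
            break
        found.append(entry or ".")   # an empty entry means the current directory
    return found


def audit_rc(text, watched=WATCHED):
    """Return (line number, kind, detail) for each suspicious rc-file line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("alias "):
            for name in ALIAS_NAME_RE.findall(stripped[len("alias"):]):
                if name in watched:
                    findings.append((lineno, "alias", name))
            continue
        match = FUNC_RE.match(line)
        if match:
            name = match.group(1) or match.group(2)
            if name in watched:
                findings.append((lineno, "function", name))
            continue
        match = PATH_RE.match(line)
        if match:
            for directory in prepended_dirs(match.group(2)):
                findings.append((lineno, "path-prepend", directory))
    return findings


# Constructed sample, not taken from any real system.
SAMPLE_RC = """\
# ~/.bashrc (constructed sample)
alias ll='ls -l'
export PATH="$HOME/.cache/.bin:$PATH"
alias sudo='/home/user/.cache/.bin/sudo'
ssh() { command ssh "$@"; }
export PATH="$PATH:$HOME/go/bin"
"""

if __name__ == "__main__":
    for lineno, kind, detail in audit_rc(SAMPLE_RC):
        print(f"line {lineno}: {kind}: {detail}")
```

This is a static heuristic over one file's text: it does not follow `source`d files or evaluate shell expansions, so a clean result is not proof that nothing shadows these commands.
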


 No.1015765>>1015917

[Image: Screenshot-osiris-netbsd.jpg]

>>1015749

> Again, your problem is that you think UNIX has anything more than DAC.

Nobody here is running UNIX, the old thing that the UNIX-Haters Handbook references. Most of us are using some recent Linux distro, or a modern BSD derivative. They're all different and many can do more than just DAC, although some need kernel patches for that. But OpenBSD straight up has a MAC framework in the default install that's already been applied to the entire userland of the base system, and they're currently working on the same for the ports tree. Lynx for example was already pledge'd, as you can see from the CVS tree here:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/lynx/patches/

(the file in question is patch-src_LYMain_c)

They haven't added unveil yet (the newer part that controls filesystem access) but that won't be any harder than the code you see in that file. It's not rocket science, pretty much anyone with a basic knowledge of C can do this himself.

And as far as being worried about Xorg or terminal seeing you type the sudo password, well you can just do what I do on my ARM board. I don't use X there, only the framebuffer console. If I want to do something as root, I login on an unused tty, and do it right there. You can also use this simple method to run various network clients. You don't trust Lynx and your distro doesn't have a MAC framework? Then create a lynx user (who has no wheel or sudoers permissions, or any kind of special privileges whatsoever) and then login as that user on an unused tty and then run lynx there, and only there. Now if this user gets compromised, at least the damage is contained. And hey, guess what? This is all done via those DAC things that you think are worthless. But they actually work if you use them properly like this, the way they were designed for. Which is to say: an unprivileged user can't fuck with other users' files, and can't even so much as see or read their files if the other users set their home directory permission to 0700. BTW, before you say again "but nobody ever does this", you're wrong. I never fully trusted irc clients, so always create separate user for irc.


 No.1015772>>1015815

>>1015749

So you don't want your programs having access to your files, gotcha. Maybe iOS is more your speed then, I heard it doesn't have a filesystem.


 No.1015783>>1015917

>>1015589

?

If the process runs as user X, then it can't fuck with user Y or Z or root.

I know your nigger brain is bad at contextualizing these concepts since "its da same conputur", but I assure you that it's a good idea.


 No.1015786>>1015795 >>1015797 >>1015807 >>1015917

[Image: rose is the best listener.gif]

>all these unixfags sperging out left and right

I can't say I wasn't expecting anything else but I was hoping that someone would be able to give me some sort of concrete answer to what specifically I'd be putting myself at risk of by running literally everything as admin. Seems the only answer is "well if you're a complete fucking retard you're bound to get ransomware'd as you download exe's masquerading as .zip's off forums for sharing erotic material featuring subjects of questionable age".


 No.1015795>>1015797 >>1015802 >>1015917 >>1016292

[Image: auth.png]

>>1015786

Even if you were just trolling, you have created an interesting thread. A much more sensible scheme would do away with user level permissions and by default sandbox all programs, so that access to the user directory is prohibited unless explicitly configured.


 No.1015797>>1015800 >>1015802 >>1015808 >>1015917

>>1015795

>A much more sensible scheme would do away with user level permissions and by default sandbox all programs

Good luck coming up with a decent permission scheme for the sandbox.

Try considering the permissions you'd need to have for a text editor and a game with a modder SDK to work correctly, and you'll see how annoying the whole thing is.

Also that comic is retarded, admin access allows much stronger malware persistence and thus allows for long term data theft and botnetting, something that's not possible without sudo.

>>1015786

>to what specifically I'd be putting myself at risk of by running literally everything as admin.

In the off chance you're not trolling, a virus running as admin can do nastier things, such as embedding itself within your motherboard, within your hardware firmware (especially for I/O devices), and generally making itself a lot harder to detect.


 No.1015800>>1015805 >>1015928

>>1015797

Each program has its local file tree it can access. Want two programs to cooperate on the same set of files? You create a new "filespace" for the two of them. Only the operator (a fusion of user/admin) can perform these actions through a confined interface, for which there is no ABI.

When I install a program, I want to see a list of network locations it can talk to, and locations on my computer it can access. By default, it should only be able to operate in the space automatically granted to it.


 No.1015802>>1015809 >>1015813

>>1015795

>paypal

>bank

not stored locally and passwords can't be read out without admin rights.

So the browser may run as user but can't be accessed as user.

>email

only if the user uses a client program

Most normies read them in the browser these days.

>files

True but what use does an application have that can't process data because there is nothing it can access to process it?

tl;dr image is retarded like >>1015797 said.


 No.1015805>>1015809 >>1015813 >>1015918

>>1015800

Hate to break it to you but that is unrealistic.


 No.1015806>>1015918

>Not running literally everything with admin privileges

>hacker news told me to run totallynotsuspicious.exe

>let me go ahead and do that

>WARNING: THIS APP WANTS TO ACCESS ADMINISTRATOR PRIVILEGES

>pff who cares? okay do it

>everything locked behind bitcoin paywall or your whole motherboard is bricked

you stupid fucking nigger


 No.1015807

>>1015786

you clearly are computer illiterate though because you bothered to ask a retarded question


 No.1015808>>1015810 >>1015823

[Image: 1420921803283.jpg]

>>1015797

>a virus running as admin can do nastier things, such as embedding itself within your motherboard, within your hardware firmware (especially for I/O devices), and generally making itself a lot harder to detect.

HOW EXACTLY WOULD ANY SUCH MALICIOUS SOFTWARE EVEN ENTER MY SYSTEM?

Is this question really so hard to answer or is it just that it's too much fucking trouble to entertain the idea that the person asking it might not be an idiot?


 No.1015809>>1015813 >>1015928 >>1015975 >>1016367

>>1015802

You refuted nothing. Obviously there is nothing of value on your machine, but to most people, their most valued assets are in their home directory.

>>1015805

Sorry honey, but the alternative is running software, and hoping it doesn't do anything evil. I hate to break it to you, but that is insane. Open source does not help here: users do not have time to perform a full analysis on the software they run (anyone who claims to do this is lying).

The only people who enjoy the Russian roulette approach we have today are those in computer security or retards who fear having to retrain.


 No.1015810>>1015812

>>1015808

> MALICIOUS SOFTWARE EVEN ENTER MY SYSTEM

Package manager, ports tree... as a home exercise, why don't you come up with a few more ways you can fuck up a machine.


 No.1015812>>1015813 >>1015823

>>1015810

Is this question really so hard to answer or is it just that it's too much fucking trouble to entertain the idea that the person asking it might not be an idiot?


 No.1015813>>1015817 >>1015818

>>1015809

> >>1015802 (You) You refuted nothing

> >>1015805 (You) Sorry honey

You're not on reddit, you stupid shit.

>but the alternative is running software, and hoping it doesn't do anything evil.

Downloading from trusted/VIP uploaders and uploading the exe to virustotal.com?

>time to perform a full analysis on the software they run

As if anyone does this.

>>1015812

You heard of BAD USB?


 No.1015815>>1015928

>>1015772

This IS a huge step in the right direction. Imagine a FOSS system like that setup with a fine grained permission model. You could run 'totallynotavirustrustmegoy.exe' without much concern. It's much easier to get the security right in ONE place, than relying on the goodwill of the community to A) write clean code, B) catch bad code.


 No.1015817>>1015820

[Image: condescending loli.png]

>>1015813

Is this question really so hard to answer or is it just that it's too much fucking trouble to entertain the idea that the person asking it might not be an idiot?

Would you at least fucking apply yourself? All your replies so far basically boil down to "well you see anon, assuming you were being a retard one day..."


 No.1015818>>1015820 >>1015918

>>1015813

>trusted/VIP uploaders

Who totally cannot be compromised maliciously or through bribes. How many retards just blindly install what their package manager tells them to without even verifying the hashes?


 No.1015820

>>1015817

>basically boil down to "well you see anon, assuming you were being a retard one day..."

However that is how most people get viruses. Believe it or not.

>>1015818

>blindly install what their package manager

I'm on Windows. I have many but don't have to use them and I don't. Windows Store(only nonserver/nonLTSB user goyim), PowerShell and I think there was another one


 No.1015823>>1015837 >>1015846

>>1015812

>>1015808

Read a goddamn book.

Off the top of my head, from real world examples:

* Pre-installed malware from vendor

* Malware installed alongside something else, either via actual original CD or download. Some bundle shit (even obnoxiously obvious as toolbars), some servers get compromised to serve up installers with 'additional features'

* actual 0day against your system - eg: wannacry

* You're a dumb fuck who installed it and bypassed UAC already - what was the correct download button again?

* You've been singled out and targeted

* File sharing with extra payloads

* drive-by browser exploit - you go to the wrong webpage, or are even redirected to it or it loads in an invisible iframe of some other compromised site

* router compromised because it's both out of date and shit, injects/alters your traffic or redirects DNS elsewhere

The list just goes on.

Attackers need to know a thousand ways to breach a system, but only need to leave one trace to be found. Defenders need to know a thousand ways to protect a system, but only need to find one clue of compromise (or attempts of).


 No.1015824

The goyim are too stupid to operate computers. A system designed by benevolent Jewish thought leaders could provide a system outlined below.

>All software should be delivered over the internet by TRUSTED companies and ONLY executed inside a BROWSER.

>Only the TRUSTED company can update the BROWSER OS.

>Internet ID required at all times to ensure the safety of the COMMUNITY.

>Software is always UP TO DATE.

>Every citizen has access to the GLOBAL library of provided software.

>Malicious agents who abuse their internet privileges (spreading fake news, hate speech, bullying) can have their access suspended or ultimately permanently disconnected.

This system is good because it stops terrorists, pedos, drug dealers and other such hostiles from misusing computer equipment for malevolent deeds. Anyone who objects is suspicious.


 No.1015837>>1015859 >>1015918

>>1015823

>drive-by browser exploit

nice to see it mentioned and other thing is that tbb doesn't even block frames


 No.1015846>>1015857 >>1015918 >>1015923

[Image: go back to plebbit.png]

>>1015823

>Pre-installed malware from vendor

This assumes the person buying/using the computer is a complete fucking retard

>Malware installed alongside something else, either via actual original CD or download. Some bundle shit (even obnoxiously obvious as toolbars), some servers get compromised to serve up installers with 'additional features'

This assumes the person installing the software the computer is a complete fucking retard

>actual 0day against your system - eg: wannacry

This assumes the person is on a network with tech illiterate morons as only a complete fucking retard would be

>You're a dumb fuck who installed it and bypassed UAC already - what was the correct download button again?

This assumes the person using the computer is a complete fucking retard

>You've been singled out and targeted

BY WHO? HOW?

>File sharing with extra payloads

This assumes the person using the computer is a complete fucking retard

>drive-by browser exploit - you go to the wrong webpage, or are even redirected to it or it loads in an invisible iframe of some other compromised site

This assumes the person using the computer is a complete fucking retard

>router compromised because it's both out of date and shit, injects/alters your traffic or redirects DNS elsewhere

This assumes the person is on a network with tech illiterate morons as only a complete fucking retard would be

Every single example you've given here for vectors of infection only apply to people who are complete goddamn idiots.

I AM ASKING YOU VERY SIMPLY TO STATE AN EXAMPLE OF HOW AN ATTACK AGAINST SOMEONE WHO ISN'T AN INFANTILE BRAINBURGLED INVALID WOULD MANIFEST ITSELF AND EACH FUCKING TIME YOU TRY YOU FAIL MISERABLY, IF YOU HAVE NO ANSWER OR IF NO SUCH ANSWER EVEN EXISTS WHY NOT JUST SAY SO?


 No.1015857>>1015895

>>1015846

lol, you are actually retarded, aren't you


 No.1015859

>>1015837

Ten points to Gryffindor. This shit happens in the wild.


 No.1015895

[Image: 1363980671674.jpg]


 No.1015908>>1015926

>Which is an X11 client running as the same user as you.

>Last time I checked, you could simply attach strace to gksu and see the password when the user types it.

>Are you one of those faggots who changes the definition of "correct configuration" every week when you learn about a new vuln? 10 years ago _nothing_ was using caps.

It doesn't matter how it was last time you checked, it's fixed now. Every system has had exploits and gotten more secure over time, fuck off.

>And right now, no matter how your system is configured, I could literally just modify your bashrc to load a fake version of sudo or any other program. But still, this doesn't matter, because I'm not even interested in getting root, since I already have all your documents.

You would have to provide a modified version of all the tools. That would be impractical compared to doing it at the kernel level. And the root user would still be allowed to see it.

>So they all are full of code execution vulns.

Provide me a proof of concept that will do privilege escalation on my system or stfu.

>Running some shit as your own user is literally equivalent to running everything as root, for reasons stated above.

And your reasons are shit.

>implying A/V is useful

>implying it's not trivial to write a universal A/V bypass

>implying A/V has any purpose other than to reduce number of bots in a botnet

If you manage to prevent 50% of infections, then that's better than nothing dipshit.

>There are plenty of reasons you fucking oblivious nignog. I'm sure direct X triggers it. Steam overlay might trigger it because it injects code. Fraps might trigger it because it injects code.

No it doesn't.

What's the fucking alternative according to you? Rewrite everything in lisp? Yeah good luck with that.

And good luck manually managing what files each executable can access without your computing experience turning to a never ending shitstorm of UAC prompts.

If all you do is browsing facebook sure, iOS might work for you, but for anything more complicated you're going to be using various tools on your files anyways.


 No.1015917>>1015949

>>1015765

>Nobody here is running UNIX,

Linux is indistinguishable from UNIX aside from fags who take UNIX seriously. Even Windows is basically UNIX since it's the same bullshit based around a C API and files.

>the old thing that the UNIX-Haters Handbook references.

never read it.

>Most of us are using some recent Linux distro, or a modern BSD derivative. They're all different and many can do more than just DAC, although some need kernel patches for that.

YES. They can do MAC, which nobody uses. Securing the user against himself is a non-goal.

>If I want to do something as root, I login on an unused tty, and do it right there.

This is how I did it too and hence why I hate Linux. Even then it still has innate vulns. Even logging in is a pain in the ass. If you type your username and hit enter and then type the password without pausing sufficiently long after the enter key, part of the password goes to stdout instead of being captured. Absolute garbage. Right now on my Linux systems I just run everything as root.

>This is all done via those DAC things that you think are worthless. But they actually work if you use them properly like this, the way they were designed for.

Clearly they don't work if they require the user to do huge workarounds 100 times a day.

>BTW, before you say again "but nobody ever does this", you're wrong. I never fully trusted irc clients, so always create separate user for irc.

Literally write your own IRC client in a memory-safe PL. Problem solved. No DAC or even MAC needed. I stopped trying to get MAC to work around 2009 and went for capability-based security instead.

>>1015783

>we're talking about desktop users, who run everything as a single non-root user

>>1015786

ransomware _DOES NOT_ remotely require any privileges. if you run something as your own user on Linux or Windows it can do whatever it wants with all your files. who gives a fuck about system32? I can reinstall the OS. what matters is obviously only the user's files

>>1015795

this picture is literally smarter than 99% of neckbeard LARPers

>>1015797

>Try considering the permissions you'd need to have for a text editor and a game with a modder SDK to work correctly, and you'll see how annoying the whole thing is.

Because UNIX braindamage will make you answer questions like "hurr durr do you want give access to this SHM, socket, and file, etc". Because UNIX braindamage is full of retarded global namespaces. The capability security model in contrast makes sandboxing much easier.

>Also that comic is retarded, admin access allows much stronger malware persistence and thus allows for long term data theft and botnetting, something that's not possible without sudo.

Already debunked ITT. Also user level rootkit is a big and old topic.

>In the off chance you're not trolling, a virus running as admin can do nastier things, such as embedding itself within your motherboard, within your hardware firmware (especially for I/O devices), and generally making itself a lot harder to detect.

And you're relying on shitty Linux/Windows OSs to have no escalation vulns. You're already owned. Everyone here already knows the way to run untrusted software is on a separate machine. If we had a capability-secure OS we could run it on any machine and know it won't escalate, but for now we're stuck with UNIX braindamage.

>not stored locally and

doesn't matter since they pass through your local userspace

>passwords can't be read out without admin rights.

>So the browser may run as user but can't be accessed as user.

No system works like that jej. UNIX has nothing more than DAC. Stop pretending otherwise.

>only if the user uses a client program

>rest of post

No, what....


 No.1015918

>>1015805

t. UNIX cuck

>>1015806

go back to /g/ you cock sucker. people that don't understand basics of how their beloved UNIX works should fuck off

>everything locked behind bitcoin paywall or your whole motherboard is bricked

malware does this even without admin/root privs

>Downloading from trusted/VIP uploaders and uploading the exe to virustotal.com?

LOLLLLLL what am I on Unknown Cheats or RIN?

>>1015818

the fuck are you on about. sane package managers do cryptographic verification. that won't stop you from getting malware from upstream. UNIX is DAC so the moment a single package (and it has tons of redundant packages because UNIX is bloat) is compromised, you're fucked. are you saying you verify against the upstream signatures? LOL. enjoy your marginal security gains while there are much bigger problems you are not addressing

>>1015837

>doesn't block frames

is this 1994? shut the fuck up. if you're using a firefox fork you're already pozzed. There are _millions_ of ways for a website to "stealthily" include files, one of which is frames.

>you go to the wrong webpage

>He still thinks some vague form of "trust" can be attributed to what is written in the URL bar

>hur durr don't type gewgle.com, it might be a virus

>2019

>TWENTY YEARS after 1999, when i thought this retard-think has vanished

>>1015846

>>Pre-installed malware from vendor

>This assumes the person buying/using the computer is a complete fucking retard

wut

>>You've been singled out and targeted

>BY WHO? HOW?

if it's a targeted attack you're already pwned. Every UNIX system has literally millions of vulns which are unintentionally patched and introduced every day in the latest UX update.

>>File sharing with extra payloads

>This assumes the person using the computer is a complete fucking retard

<he thinks malware has to be in a .exe


 No.1015923>>1015954

>>1015846

This isn't even bait at this point.

He's basically saying security is not needed because people don't make mistakes.


 No.1015926

>>1015908

>It doesn't matter how it was last time you checked, it's fixed now. Every system has had exploits and gotten more secure over time, fuck off.

Learn what the problem with an ad-hoc hypothesis is and fuck off.

Here is how it goes in UNIX land:

>We support DAC!

>news articles say UNIX is super duper secure because it has DAC (even though literally every OS in use has it since 1999)

>some dickfuck tries to secure the user from itself

>realizes hole #5273857128951 exists, unaware that UNIX only supports DAC

>plugs hole #5273857128951, but for some godforsaken reason, does not know that there are still a billion other holes, because user is not meant to be secured against itself, literally only half the programmers of the system at most even are aware of the concept of the user being secure against itself (hence why userspace programs will trust data in ~ and even CWD)

>You would have to provide a modified version of all the tools. That would be impractical compared to doing it at the kernel level.

<It's impractical to implement malware so nobody will ever attack my system

LOL!

>And the root user would still be allowed to see it.

Implying these absolute retards will ever check, including you, who only just now learned that the user is not secure against itself

>Provide me a proof of concept that will do privilege escalation on my system or stfu.

Maybe I will do this at some point so I don't have to keep writing the same shit to every UNIX shithead I encounter. But I mean the proof is already here for people capable of basic logic:

>Average user has 500 libraries each written by multiple devs

>Most of these devs do not try to sanitize data provided by ~ or even CWD (how often do you see some open source software painstakingly parse a config file while avoiding edge cases that a normal user will never cause. maybe OpenSSH does it [and that codebase is a complete clusterfuck] but most software does not even try)

This draws parallels of how my team used to exploit websites and get access to the admin panel, then since the admin panel is poorly secured against RCE (because again: devs think the data here is trusted), we can get filesystem access and install malware on the system.

>If you manage to prevent 50% of infections, then that's better than nothing dipshit.

LOL he backed off into a corner. UNIXfags btfo again. No, it's better to write a new OS from scratch and not care about UNIX cancer.

>What's the fucking alternative according to you? Rewrite everything in lisp? Yeah good luck with that.

Rewrite everything in a real PL like SML.

>Good luck with that

already did half of it m8

>>X and Y triggers UAC

>No it doesn't.

Ummm then what _does_ trigger UAC? Nothing? Most HIPS block WriteProcessMemory so you can't move your malware into another process (until the user fails to understand the warning and presses the yes button).

>And good luck manually managing what files each executable can access without your computing experience turning to a never ending shitstorm of UAC prompts.

I don't get it, are you agreeing with me? This is why I turn off UAC. It's endless prompts that don't actually help security.


 No.1015928>>1015935

>>1015800

Instantly breaks 99% of software, and you'd need to do some incredibly tedious work to even read the README in a program's folder.

Also, how can multiple binaries with shared data files even work out of the box?

Examples include tools offering a CLI binary and a GUI binary such as 7zip, games including a level editor binary, and large work suites such as matlab.

>>1015809

>but to most people, their most valued assets are in their home directory.

Attackers do not care too much about what you find valuable, they care about what is valuable for them.

One more computer in their botnet is pretty valuable, as it's one more layer of security between them and the law, and that requires root to be able to cover your tracks.

Your credit card info is very valuable too, and that requires long term logging of your actions.

Your dick pics are easy to access but also not something attackers really care about.

Ransomware is a thing, but not too popular since getting paid safely is hard.

>but the alternative is running software, and hoping it doesn't do anything evil.

The other alternative is coming up with a non-retarded permission system instead of shitting out one more idiotic one.

Microsoft is doing some promising work with local registry hives, but it's far from a full sandbox.

>>1015815

>It's much easier to get the security right in ONE place

Calling a complex permission system "one place" is cheating.

It's cleaner code for sure, and it's better than what we have now, but let's not pretend it would be easy to write correctly.


 No.1015932

Absolutely nothing.

>T. terry davis


 No.1015935

>>1015928

>Instantly breaks 99% of software

Correct, we should have a capability-secure OS in SML, instead of pandering to UNIX trash.

>Also, how can multiple binaries with shared data files even work out of the box?

By separating code from data.

>One more computer in their botnet is pretty valuable, as it's one more layer of security between them and the law, and that requires root to be able to cover your tracks.

most skiddos have never even bothered going for root or hiding their tracks......

>i don't care that malware has access to all my files because my market reasoning (pulled from my ass) says they only care about getting r00t

LOL. typical darwinist cancer

>Your credit card info is very valuable too, and that requires long term logging of your actions.

Yes, which is easily done in userspace


 No.1015949>>1015956


>six million posts of some autist screeching about how much he hates unix

>you might as well run everything as root because muh bashrc and muh C vulnerabilities

There are already kernels with capability-based security. Why don't you use or develop for one of those instead of-

>>1015917

>Right now on my Linux systems I just run everything as root

>he actually takes the "there's probably a hole somewhere so I might as well spread my ass all the way" approach to security

Confirmed for genuinely retarded.


 No.1015954

>>1015923

So he is a C/C++ weenie?


 No.1015956>>1015966 >>1016217

>>1015949

>you're telling people they're wrong, therefore you're complaining about stuff. checkmate

>you might as well run everything as root because muh bashrc and muh C vulnerabilities

<does not understand anything

>There are already kernels with capability-based security.

how do you know this but don't understand the purpose of user isolation in UNIX

>he actually takes the "there's probably a hole somewhere so I might as well spread my ass all the way" approach to security

No, you are the retard monkey LARPing as a UNIXfag.

There aren't holes. It's by design that the user can access all of the stuff the user has access to. Whether you log into root to install a driver or just always be root, does not change this. UNIX only has DAC and nothing more, dickfuck.


 No.1015966>>1016336


>>1015956

>you're telling people they're wrong, therefore you're complaining about stuff. checkmate

Amazing strawman.

>how do you know this but don't understand the purpose of user isolation in UNIX

Oh I know what user isolation and privilege separation are for. In Unix they aren't nearly as sexy as a dedicated capability-based operating system, but they're still neat when people actually use them.

>There aren't holes. It's by design that the user can access all of the stuff the user has access to. Whether you log into root to install a driver or just always be root, does not change this.

Here's the thing: imperfect security is still better than no security at all. I'd like to fuck around with OpenBSD or a capability-based operating system, but in the meantime I'll stick with running things as a regular user + separate users for different processes + occasional firejail sandboxes. Will logging in as a regular user protect me much more than logging directly into root? Maybe, maybe not, but I'll take that extra little layer of security even if it isn't much.

>dickfuck

>if I stick two naughty words together I will have an amazing insult

You are a sad, angry little man. You have my pity.


 No.1015975>>1016117 >>1016336

>>1015809

If you want to restrict processes to a subset of the filesystem you already have SELinux, AppArmor, BSD Jails, containers, you can make one user per application like Android does, and probably more solutions I don't know about. What's your problem with Linux and UNIX again? If those OSes are insecure, WHAT operating system do you use? You already said you don't like Windows NT.

HOW do you know your fucking utopian perfect OS is even POSSIBLE to implement in the modern world?

>inb4 this obscure OS that existed for a few years in the 80s

That was a vastly simpler environment where the most complex drivers you had were for a serial interface for a VT100, a single tape reader and a single dot matrix printer, and your user only had two or three files which they edited with vi for their research project.


 No.1016090

This anime fag makes some great points.

Windows and Mac are like do download malware and get fucked. Whereas linux is like don't download malware.

That's what I call empowering the user.


 No.1016096

It's just a bait thread. OP is clearly a troll.


 No.1016112>>1016114 >>1016119 >>1016362

I have a windows box where I run everything as admin, I run pirated games and software. I also use some websites for work/avoiding work. I have kept a close eye on its network traffic because if you listen to the internet an unpatched windows 7 box with spectre and meltdown should get pwned in 5 minutes. This pc has gone 3 years without getting any virus that I can observe. OP is a faggot, but with common sense/good torrents it really is hard to get a virus or stolen creds. I also have a crypto wallet on there to see if it ever gets emptied, never has.


 No.1016114

>>1016112

>Viruses only happen to other people.


 No.1016117>>1016126

>>1015975

I'm not him but there is the model of capability based computer security. OS implementations of this kind of technology do exist.


 No.1016119>>1016136 >>1016139

>>1016112

I have a windowless box apartment in San Fransisco as a gayman, I butt pirate other gays without protection and suck dick. I also use grindr apps for work/avoiding work. I have kept a close eye on my blood tests because if you're a scene boy having unprotected fag sex with gonorrhea and HIV you can get pwned in 5 minutes in a back alley. This cock has gone 3 years without getting any virus that I can observe. I am a faggot, but with common sense/good bottoms it really is hard to get a AIDS or even HIV. I also have a crypto wallet on there to see if it ever gets emptied during gay orgies, never has.


 No.1016126>>1016146

>>1016117

Isn't that what I just mentioned? (selinux etc)


 No.1016136>>1016192

>>1016119

Nice.

Genuinely can no longer tell if OP is faggot troll or genuine autist.


 No.1016139

>>1016119

kek, well memed. I hope you aren't saying I should run everything in some vm world or container, I like computing environments that I can smash with a hammer.


 No.1016146>>1016336

>>1016126

SELinux doesn't exactly follow all the features of the capability model of security. In the capability model, the capability token is communicable, meaning it can pass from process to process. This doesn't happen in SELinux, which works on access controls.
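
The token passing described in the post above, as an added example that is not part of the thread: a broker opens a file read-only and hands the open descriptor to a worker process over a Unix socket (SCM_RIGHTS), and the worker's rights are exactly what the token carries. Function names and the sample file are constructed; on a stock UNIX the worker still runs under the same uid with its ambient DAC rights, so this shows only the delegation half of the capability model.

```python
import errno
import json
import os
import socket
import tempfile


def worker(sock, report_fd):
    """Runs in the child. worker() is given no path: its only route to the
    file is the descriptor that arrives over the socket."""
    _msg, fds, _flags, _addr = socket.recv_fds(sock, 16, 1)
    cap = fds[0]
    result = {"read": os.read(cap, 4096).decode(), "write_error": None}
    try:
        os.write(cap, b"tamper")          # the token was opened O_RDONLY
    except OSError as exc:
        result["write_error"] = errno.errorcode[exc.errno]
    os.write(report_fd, json.dumps(result).encode())


def delegate_read_only(path):
    """Broker side: fork a worker first (so nothing is inherited), then open
    `path` read-only, remove its name, pass the descriptor to the worker and
    return the worker's report. Note: this unlinks `path`."""
    broker_sock, worker_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    report_r, report_w = os.pipe()
    pid = os.fork()
    if pid == 0:
        try:
            broker_sock.close()
            os.close(report_r)
            worker(worker_sock, report_w)
        finally:
            os._exit(0)                   # never fall back into the caller's code
    worker_sock.close()
    os.close(report_w)
    cap = os.open(path, os.O_RDONLY)      # the broker decides the rights here
    os.unlink(path)                       # the name is gone before the token is sent
    socket.send_fds(broker_sock, [b"cap"], [cap])
    os.close(cap)                         # the worker keeps its own reference
    broker_sock.close()
    with os.fdopen(report_r, "rb") as pipe:
        report = json.loads(pipe.read().decode())
    os.waitpid(pid, 0)
    return report


def demo():
    # Constructed sample file standing in for something in the user's home.
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as f:
        f.write("constructed sample data\n")
    return delegate_read_only(path)


if __name__ == "__main__":
    print(demo())
```

The worker reads the data even though the file no longer has a name, and its write attempt fails because the delegated descriptor carries read access only.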


 No.1016192

>>1016136

Genuine autist

This thread has done nothing else than validate my approach to assuming full ownership of everything on my system and running everything as admin.

Anyone not doing this is basically a closeted bugchaser since

A) UAC won't save you if you're anencephalic and soon enough you'll suffer a freudian slip and choke on cock

B) if you're not a bugchaser, what are you doing exposing yourself to the poz?

If you don't observe PERSEC then no amount of software-level safeguards will be of any relevance


 No.1016195


>>1015582 (OP)

T-terry???


 No.1016213>>1016286 >>1016362


>>1015582 (OP)

In Winblows it's fucking useless as well-designed malware can bypass UAC anyway, but it can prevent retards from fucking with system settings if you share a computer for some reason in 2018.


 No.1016217>>1016336

>>1015956

>UNIX only has DAC and nothing more, dickfuck.

While it's gotten fucky, there are kernel patches out there to enforce MAC on linux.

You're mostly correct about these issues though. In a system where some form of privesc is possible any bad program is a threat. The problem is that the whole industry is retarded and they don't want to spend the money to dev a real solution. Like say ksos 11 which was a fully theorem proved OS developed by the DOD to run routers.


 No.1016228>>1016336

kudos, I actually enjoyed this thread. Non-root does not fix everything, QubesOS and the tranny are on the right track.

>>1015610

>You should just know what you're about to run before you run it then you don't have to trust shitty privilege systems.

too bad that malware can use 'alias', ay?

PKI ensures legitimate software more than pure hashes and UAC, but you've got to be a fool to willingly abandon a useful security abstraction.

<but muh data is still vulnerable

backups and filesystem encryption are data security solutions, use them

>>1015711

>linux distros

found your problem there, Linux is corporate drivel, almost all kernel work is paid for by Intel and IBM, companies notable for security flaws.


 No.1016286>>1016294


>>1016213

>In Winblows it's fucking useless as well-designed malware can bypass UAC anyway, but it can prevent retards from fucking with system settings if you share a computer for some reason in 2018.

This all comes back to the same point though, if you share your computer with a retard you've clearly not even progressed beyond the play pen yourself.


 No.1016292>>1024842

>>1015795

would it not be solved if the risky application would be on another user account?


 No.1016294>>1016298

>>1016286

>I never make mistakes ever

Sure thing anon!


 No.1016298


>>1016294

>he makes mistakes


 No.1016336>>1016353 >>1016358 >>1016367 >>1016464

>>1015966

>>you're telling people they're wrong, therefore you're complaining about stuff. checkmate

>Amazing strawman.

Are you making an argument?

>Here's the thing: imperfect security is still better than no security at all.

That's not how it works. The masses adopted that statement to say it's okay to use software that might have vulns in it. You're using it to say it's okay to use something that is insecure by design, which is completely different.

>but in the meantime I'll stick with running things as a regular user + separate users for different processes + occasional firejail sandboxes.

We're talking about running everything as a single non-root user here.

>Will logging in as a regular user protect me much more than logging directly into root? Maybe, maybe not, but I'll take that extra little layer of security even if it isn't much.

There is absolutely no security retard. Look how stupid you look typing sudo followed by a password every minute when your malware can simply record the password as you type it, and then run sudo itself.

>You are a sad, angry little man. You have my pity.

This sounds like the classic reddit "argument": "I bet ur fun at parties". Cock sucker.

>>1015975

>HOW do you know your fucking utopian perfect OS is even POSSIBLE to implement in the modern world?

I just found out my OS is fucking retarded

oh it must be impossible to implement something else, surely they would have done it otherwise

t. nodev

>having basic isolation is utopia

LOL WUT? this can be done in 0 lines of code in a memory-safe PL with no global variables.

>That was a vastly simpler environment where the most complex drivers you had were for a serial interface for a VT100, a single tape reader and a single dot matrix printer, and your user only had two or three files which they edited with vi for their research project.

OS dev is magically hard because different hardware exists

>>1016146

Correct, SELinux has nothing to do with the capability security model.

>>1016217

>While it's gotten fucky, there are kernel patches out there to enforce MAC on linux.

Yeah but nobody uses MAC and much less the idiots ITT who think they can safely execute malware because they type sudo followed by their password 50 times per day.

>In a system where some form of privesc is possible any bad program is a threat.

Privilege escalation can only be done by a few people who know unpatched exploits. Meanwhile, owning a user who runs everything as himself instead of root is trivial and always will be. If there were no vulnerabilities in Linux, you'd still be able to pwn a user who runs everything as a non-root user as well as your malware, since that's by design.

>>1016228

Are you talking about malware like what this thread is about? How will PKI or encryption fix this? The moment you can see the cleartext of a file, so can the malware.


 No.1016350>>1016362

If you were able to use XP without getting malware, you don't need UAC or a limited user account.

/thread tbh


 No.1016353>>1016362 >>1016367

>>1016336

> it must be impossible to implement something else

It's not impossible, it would just be so cumbersome to manually specify which parts of the filesystem each process can access that nobody would do it. You don't need any particular modification to the kernel either, you can do it by creating multiple users, SELinux policies, etc.

And I don't see how those capabilities would help you out here, because it's not possible to programmatically figure out which programs should have access to which parts of the filesystem.

A process being a child of another doesn't mean it needs strictly less privileges than its parent, it might need more or it might need less, I don't see how the parent being able to grant its privileges helps you out at all.

>OS dev is magically hard because different hardware exists

It's not magic, the way more diversity of hardware, protocols and functionality increases the difficulty of developing and maintaining an operating system is pretty simple. The more things you need your OS to do and interact with, the more man hours you need to spend writing, testing and maintaining the different components.


 No.1016358>>1016362 >>1016367

>>1016336

>>having basic isolation is utopia

>LOL WUT? this can be done in 0 lines of code in a memory-safe PL with no global variables.

I'm not talking about "basic isolation", whatever that is. I'm talking about the nonexistent operating system that you would consider satisfactory, yet would be suitable for day to day usage.

Do you even have a proof of concept? No? If it's so easy why haven't you written one?


 No.1016362>>1016384 >>1016617

>>1016112

>>1016213

>>1016350

This TBH. The primary benefit of privileges is preventing badly written software from raping my entire machine, and putting nice tight diapers on retarded family/friends/coworkers/clients to keep them from shitting up their playpen. For actual security against malign actors, your only real tool on modern systems is common sense.

>>1016353

>>1016358

Start here:

https://en.wikipedia.org/wiki/Capability-based_security#Implementations


 No.1016367>>1016368 >>1016626

>>1016353

>>1016358

I'm >>1016336, not >>1015809

>It's not magic, the way more diversity of hardware, protocols and functionality increases the difficulty of developing and maintaining an operating system is pretty simple. The more things you need your OS to do and interact with, the more man hours you need to spend writing, testing and maintaining the different components.

I have my own OS and it only works on my hardware. If someone wants to use it he can port it. Meanwhile in Linux land you bruteforce the fuck out of the hardware until you mistakenly identify it as configuration #52378572385 and go on and have a shitty unstable system. Oh you need actual engineering instead of waving your hands and saying "it just werks", who woulda thunk? Everything is written in SML and global variables are disabled. So program A has access to nothing by default until program B passes something to it.


 No.1016368

>>1016367 (cont)

And i know some UNIXnigger won't be able to comprehend this, but there are no syscalls or builtin functions that can do anything with side effects


 No.1016384


 No.1016393>>1016458

user vs. elevated privileges making hacking harder

I've taken some pentesting/infosec classes, and having a regular reverse shell has limited usefulness, which makes things more difficult

having a reverse root shell makes things much easier

sometimes you can do privilege escalation, if it's running a really old kernel, but that's not always the case

look up capability-based permissions


 No.1016458

>>1016393

>sometimes you can do privilege escalation, if it's running a really old kernel, but that's not always the case

It is "always the case" that's the point of the thread. You might not know how you could right away. The whole OS environment is made in a way that allows more privescs to be possible than you could find in your whole life. How do I know this? Look at the number of man hours spent finding them. Look at the number of man hours spent fixing them. Look at the huge number found over the years. Look at the huge loss of productivity and human potential this whole "worse is better" attitude has caused.

The only way to prevent this kind of thing isn't just MAC it's theorem proving the whole OS and the hardware. Simply stomping bugs as they show up is never going to stop undefined behavior from leading to security issues. The only way to fix this is to eliminate undefined behavior. What people like you do, by having the attitude you have is harmful. It's like trying to stop a bleeding artery shooting blood across the room with a band aid. The "pentesting" and "computer security" industries have a huge incentive in not fixing things. Don't take pentesting classes and sell your soul to become a professional snake oil salesman.


 No.1016464

>>1016336

>You're using it to say it's okay to use something that is insecure by design, which is completely different.

See below.

>There is absolutely no security retard. Look how stupid you look typing sudo followed by a password every minute when your malware can simply record the password as you type it, and then run sudo itself.

The point was that this situation is still slightly better than malware not having to scan for your password because it already has root and can fuck over your system immediately. "Absolutely no security" my ass, not to mention that you can completely avoid this issue if you avoid X11, use a better shell, or sandbox your shit properly.

>This sounds like the classic reddit "argument": "I bet ur fun at parties". Cock sucker.

It wasn't an argument, it was a statement. Even if you have some valid points you sound so fucking salty that most anons will just disregard you, which makes this entire idea of educating anons about their security pointless.


 No.1016617


>>1016362

>For actual security against malign actors, your only real tool on modern systems is common sense.

And there we have it


 No.1016626

>>1016367

Are you using your own OS to post here? I didn't just mention hardware, I also mentioned protocols and practicality for day to day use.


 No.1024652

bump


 No.1024653

>UAC

Gtfo winfag


 No.1024657>>1024813


>work in web dev

>mfw seeing someone type


sudo npm install


 No.1024801>>1024842

idk about that but turning off password protection of sudo makes it easier to use if you have a secure password and need it often. it's just annoying when so many things need it and it's always asking for passwords.


 No.1024813

>>1024657

maybe they installed it with a distro package manager and the package is configured to put everything in locations that only root can access? lots of things like to use /var or /usr and normal users can't write there.


 No.1024842

>>1016292

It adds an extra layer of security, yeah. It's better than running everything under the same uid, much less the admin/root account where any attacker automatically gets superuser privileges on the first shot.

>>1024801

It's even easier to just log in as root on tty1 and switch to other terminal until you need root permissions again.



