It's not that simple.

Problem is that a lot of exploits run with privs for the service that they target not the user. So if a user with no privs runs a server that requires root privileges, a buffer overflow (for example) will get the root privs not the limited user privs.

That's behavior that's embedded deeply in past code practices, so it's tremendously hard to find and remove all vestiges of insecure implementations - and as Achilles found out, it only takes one flaw in the armor...

There's also an economic issue at play, the effort to secure existing implementations is expensive, and there's a more attractive ROI on investments in developing new features - which incidentally are cheaper to develop "quick and dirty" without attention to security (off topic question, anyone know if there's been any statistics on security experience with RAD or other extreme programming projects?).

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11209/33947#33947