A VFP application that deploys like Zoom!
Message
From: Lutz Scheffler (Lutz Scheffler Software Ingenieurbüro, Dresden, Germany), 21/12/2020 03:18:01
In reply to: message of 20/12/2020 18:53:33
General information
Forum: Visual FoxPro
Category: Installation and configuration, Miscellaneous
Thread ID: 01677610
Message ID: 01677647
Views: 66
Good Morning!
Full ACK

Look, the sense of sudo in Linux is that you have one more bump to think about what you are doing. Running stuff out of a data dir is the opposite. Installing an app with admin rights is the do-it-responsibly approach: should I check it before? Downloading stuff, comparing it with checksums from a different location (to have no single point of failure) and so on. Desktop code that changes outside the admin's focus is as bad as it could be. Crap in the browser at least gets the browser security against it, as little as it is. So, in that, even JS is better than transparently changing apps.
None of it is foolproof, but the idea is

https://twitter.com/MackayIM/status/1319901144836026368

Self modifying code in Data folder removes important layers from this approach.

Hardening the net is like a beehive. Once inside, no resistance any more. And the auto loader is a hole changing data, isn't it?

>I can't deny embolded. But as you also acknowledge, there is worse. Every local JS-based (Electron, React Native, NativeScript) IMO has doors to drive a big Antonov through without any paint scratches, NPM set aside. Python also allows monkeypatching - VFP is safer by a lot (even with eval, error handler set as global and similar easy-to-use chinks). Every dynamic language is - and packages done in Java or any .NET can be ILSpyed or refactored - definitely more effort, but doable. There is even a C++ refactorer on the market - unless you obfuscate you are an easy target, otherwise a difficult one.
>
>My morals on this are ok on my scale - I give clients honest appraisal, not even at hourly rates, but over long lunches or dinners they pay for, and give them the straight truth as I see it - if you need security, the best one is cheap: it's called air gap. Otherwise defend your network, because somewhere there is an opening. Placing programs under Programs is the MS official way, but mostly a paper tiger. I offered added security (back when mostly ReFox - only 1 taker; today that customer would get the Chen's C++ treatment - have not bought it (yet)), but send them some links describing holes in the existing approach with an offer to close the worst ones, with a CC to myself. After that, fear of a lawsuit does not faze me a lot, even more so as most customers appreciate the "talk over dinner" offer.
>
>As long as clients are informed in truthful detail in advance - ok with me, as they are the ones paying the otherwise added effort. And lucky me most of the time is not involved in those tasks.
>
>Yes, the Windoze approach is SNAFUD, Linux not as much, but do you REALLY think all the scripts running after sudo are checked? The SW itself to a larger degree, but the installation process? Safety is in air gaps + backups, anti-virus + banking loading a dedicated OS ... Even paranoid me only has Pi-hole to eliminate some traffic, a secluded "work" subnet, and surfs from a Linux on still another subnet.
>
>>EVAL() is just like SQL injection. If you use it, you must parse it before. VFP is a security problem at large. The best is stuff not included in the exe. User-defined reports, for example. One can do a lot of fun with this. But this does not mean to provoke it by bad habits.
>
>Error handling is another nice entry, or squeezing another prg/class into the search path/SET CLASSLIB... Lots of fun reading out the "encrypted" tables from inside in minutes, as the program has to decode IAC.
>
>>>As it is still 2min Friday: a VFP app and esp. screens ARE data!
>>>And a lot of bad stuff can happen to dynamic systems (about everything using a form of eval() from data dirs...
Words are given to man to enable him to conceal his true feelings.
Charles Maurice de Talleyrand-Périgord

Weeks of programming can save you hours of planning.

Off

There is no place like [::1]
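As an added example (not code from anyone in this thread), one way to apply the "parse it before EVAL()" rule quoted above: walk the expression character by character and refuse any token that is not a numeric literal, an arithmetic or comparison operator, or an allow-listed name before the string reaches EVALUATE(). Macro substitution (&), string delimiters and any identifier outside the list are rejected, which is what keeps an expression read from a data directory from calling arbitrary functions. The names QTY, PRICE, DISCOUNT and the permitted function list are hypothetical.

```foxpro
* Constructed usage: the first expression passes, the second is refused
PRIVATE qty, price, discount
STORE 3 TO qty
STORE 19.99 TO price
STORE 0.1 TO discount
? SafeEval("ROUND(qty * price * (1 - discount), 2)")   && 53.97
? SafeEval("EXECSCRIPT(FILETOSTR('evil.prg'))")         && ERROR: identifier not allowed

* Allow-list gate in front of EVALUATE(): only digits, a fixed set of
* operators and the names in lcAllowed are accepted; everything else raises.
FUNCTION SafeEval(tcExpr)
    LOCAL lcAllowed, lcExpr, lnPos, lcChar, lcIdent
    * Hypothetical field and function names this expression may use
    lcAllowed = ",QTY,PRICE,DISCOUNT,ROUND,MAX,MIN,ABS,AND,OR,NOT,"
    lcExpr    = UPPER(ALLTRIM(tcExpr))
    lnPos     = 1
    DO WHILE lnPos <= LEN(lcExpr)
        lcChar = SUBSTR(lcExpr, lnPos, 1)
        DO CASE
            CASE lcChar $ " +-*/()<>=,." OR ISDIGIT(lcChar)
                * numbers, operators, parentheses, .AND./.OR. dots
                lnPos = lnPos + 1
            CASE ISALPHA(lcChar) OR lcChar = "_"
                * collect a whole identifier, then check it against the list
                lcIdent = ""
                DO WHILE lnPos <= LEN(lcExpr) AND ;
                      (ISALPHA(SUBSTR(lcExpr, lnPos, 1)) ;
                       OR ISDIGIT(SUBSTR(lcExpr, lnPos, 1)) ;
                       OR SUBSTR(lcExpr, lnPos, 1) = "_")
                    lcIdent = lcIdent + SUBSTR(lcExpr, lnPos, 1)
                    lnPos = lnPos + 1
                ENDDO
                IF NOT ("," + lcIdent + ",") $ lcAllowed
                    ERROR "Identifier not allowed: " + lcIdent
                ENDIF
            OTHERWISE
                * & (macro), quotes, [ ], { }, ; and the like are refused outright
                ERROR "Character not allowed: " + lcChar
        ENDCASE
    ENDDO
    RETURN EVALUATE(lcExpr)
ENDFUNC
```

Wrap the call in TRY/CATCH where the expression comes from user data so a refused expression is logged rather than shown as a runtime error dialog.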