Re: For the AdaOS folks
From: Dmitry A. Kazakov (mailbox_at_dmitry-kazakov.de)
Date: 01/04/05
- Next message: Alex R. Mosteo: "Re: ANNOUNCE: GNAT Programming System 2.1.0"
- Previous message: Larry Kilgallen: "Re: Return_By_Reference or Return_By_Copy (GNAT bug?)"
- In reply to: Warren W. Gay VE3WWG: "Re: For the AdaOS folks"
- Next in thread: Warren W. Gay VE3WWG: "Re: For the AdaOS folks"
- Reply: Warren W. Gay VE3WWG: "Re: For the AdaOS folks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 4 Jan 2005 10:59:45 +0100
On Mon, 03 Jan 2005 15:44:17 -0500, Warren W. Gay VE3WWG wrote:
> Dmitry A. Kazakov wrote:
>>
>> But in our hypothetical OS each possible way of access will be represented
>> by some safe system object. These objects, when properly designed, will
>> provide necessary administrative services.
>
> If you are a night watchman for a Mall, which situation makes it
> easier to sleep at night when you've locked up and gone home?
>
> 1. A mall with one or two doors on the outside to be
> locked and checked.
> 2. A mall with thousands of doors on the outside to be
> locked and checked.
>
> The answer is obvious. Sure, it is ok for other doors to exist
> inside the mall (for each store), which can be locked, but it
> only makes sense to choke the security at a minimal number
> of points.
But you can approach the problem in other ways. You could change people to
make it impossible for somebody to steal. You could make objects unusable when
stolen, etc.
>> Do you have one "gate" for hard drive I/O?
>
> Yes, actually. The kernel controls the issuing of the IDE
> commands, so that no process can permanently destroy the
> IDE drive (which can be done, if certain commands are issued).
> Not to mention that partition scope(s) must be enforced.
It is no different from handling TCP/IP sockets. So the problem lies
elsewhere above. Anybody may try to open a file.
> File systems mitigate access to the thousands of objects
> that exist within the file system. In a hierarchical system
> of directories, you have upper levels of choke points (in
> parent directories), as well as the ability to control
> access on the object itself.
Yes, that is the point. Files are primitive, but objects. It is much easier
to enforce security in a hierarchical system than in a flat sea of
unstructured data.
>> Do you need a firewall to tunnel open/close/read/write to floppy
>> drives? It would be nonsense.
>
> Maybe it's not your floppy. Maybe it belongs to
> another user (perhaps a student/coworker/spouse).
But how might a tunnel help with that? It does not know who the owner is.
>> The problem is that network protocols do not
>> have safety of a file system.
>
> A file system is confined.
Come on, there were multi-user OSes before Windows. Even UNIX pretended to
be one.
> A network is exposed by
> definition. That is the element that makes network
> security so difficult. It has very little to do
> with which came first.
>
>>>Even at home, there is much more safety in doing things this way.
>>
>> It is an imaginary safety.
>
> Not at all. While it is not the entire answer to network
> security, you court disaster without one. You will not find
> one network security expert to suggest what you are promoting.
Sure, why should they kill a hen carrying the gold eggs? (:-)) Did you ever
hear from any company selling anti-virus software that the only problem
with viruses is the OS?
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de