From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,b95a522100671708
X-Google-Attributes: gid103376,public
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news1.google.com!news2.google.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Newsgroups: comp.lang.ada
Subject: Re: For the AdaOS folks
Date: Tue, 4 Jan 2005 10:59:45 +0100
Organization: cbb software GmbH
Message-ID: <24hf82mgtexu$.c07xlxejxm1c$.dlg@40tude.net>
References: <Gq2dnUK90vVhBVLcRVn-1w@gbronline.com>
 <gemini.i9ih0y000ys1c02s4.nick.roberts@acm.org>
 <1PTAd.1218$0y4.421@read1.cgocable.net>
 <1vemlj8wqr9ea$.qyecszhsmtqa$.dlg@40tude.net>
 <J1WAd.1244$0y4.989@read1.cgocable.net>
 <1b48kdfqsk3mw.7gajq12fsa82.dlg@40tude.net>
 <KKaBd.3134$0y4.3044@read1.cgocable.net>
 <rnpnk8lhy0dy$.1m9qo6kbu5art$.dlg@40tude.net>
 <52fBd.42256$nV.1324414@news20.bellglobal.com>
 <q7q4e8yse44r.zlbrtj5nywu0$.dlg@40tude.net>
 <_gHBd.14666$0y4.10314@read1.cgocable.net>
 <8rz51zshvp8k$.gvir0kpiedzk.dlg@40tude.net>
 <Lc_Bd.14747$Y_4.1334651@read2.cgocable.net>
 <1cza5d5x7snmd.lr7wfm9fdsvd.dlg@40tude.net>
 <jveCd.15296$Y_4.1365327@read2.cgocable.net>
 <1hwsfqc0hx63i$.1dl0hkengaf6i$.dlg@40tude.net>
 <nDgCd.15313$Y_4.1370247@read2.cgocable.net>
 <1klgtuv6sbypt.1wlc9u1ixz7ua$.dlg@40tude.net>
 <z7iCd.15318$Y_4.1372013@read2.cgocable.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net UzRPTA0zx6HoSr0nsrsvtQqZdllefpzjLKEIRbV/juqsrdaLs=
User-Agent: 40tude_Dialog/2.0.12.1
Xref: g2news1.google.com comp.lang.ada:7422
Date: 2005-01-04T10:59:45+01:00
List-Id: <comp.lang.ada>

On Mon, 03 Jan 2005 15:44:17 -0500, Warren W. Gay VE3WWG wrote:

> Dmitry A. Kazakov wrote:
>> 
>> But in our hypothetical OS each possible way of access will be represented
>> by some safe system object. These objects, when properly designed will
>> provide necessary administrative services. 
> 
> If you are a night watchman for a Mall, which situation makes it
> easier to sleep at night when you've locked up and gone home?
> 
>    1. A mall with one or two doors on the outside to be
>       locked and checked.
>    2. A mall with thousands of doors on the outside to be
>       locked and checked.
> 
> The answer is obvious. Sure, it is ok for other doors to exist
> inside the mall (for each store), which can be locked, but it
> only makes sense to choke the security at a minimal number
> of points.

But you can approach the problem in other ways. You could change people to
make impossible for somebody to steal. You could make objects unusable when
stolen etc.

>> Do you have one "gate" for hard drive I/O? 
> 
> Yes, actually. The kernel controls the issuing of the IDE
> commands, so that no process can permanently destroy the
> IDE drive (which can be done, if certain commands are issued).
> Not to mention that partition scope(s) must be enforced.

It is no different from handling TCP/IP sockets. So the problem lies
elsewhere above. Anybody may try to open a file.

> File systems mitigate access to the thousands of objects
> that exist within the file system. In a hierarchical system
> of directories, you have upper levels of choke points (in
> parent directories), as well as the ability to control
> access on the object itself.

Yes, that is the point. Files are primitive, but objects. It is much easier
to enforce security in a hierarchical system than in a flat sea of
unstructured data.

>> Do you need a firewall to tunnel open/close/read/write to floppy
>> drives? It would be nonsense. 
> 
> Maybe its not your floppy. Maybe it belongs to
> another user (perhaps a student/coworker/spouse).

But how a tunnel might help with that? It does not know who is the owner.

>> The problem is that network protocols do not
>> have safety of a file system. 
> 
> A file system is confined.

Come on, there were multi-user OSes before Windows. Even UNIX pretended to
be one.

> A network is exposed by
> definition. That is the element that makes network
> security so difficult. It has very little to do
> with which came first.
> 
>>>Even at home, there is much more safety in doing things this way.
>> 
>> It an imaginary safety.
> 
> Not at all. While it is not the entire answer to network
> security, you court disaster without one. You will not find
> one network security expert to suggest what you are promoting.

Sure, why should they kill a hen carrying the gold eggs? (:-)) Did you ever
hear from any company selling anti-virus software that the only problem
with viruses is OS?

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de