From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,85034d1ac78a66eb
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-03-27 20:34:30 PST
Path: archiver1.google.com!news1.google.com!sn-xit-02!sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: James Ross
Newsgroups: comp.lang.ada
Subject: Re: Ada Operating System
Date: Wed, 27 Mar 2002 22:34:16 -0600
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <6c55au8m539tmegu6u7rpli47ik51ssvrm@4ax.com>
References: <3C88E0D1.89161C16@despammed.com> <3C9514DD.9CF1F84A@san.rr.com> <99da9u0909rsblfdcc1ru7jd2r9q461qhk@4ax.com> <436o9uc7jg590rv5rb1l9v6be8vk49s278@4ax.com> <3CA0A0EA.F0CEEC89@despammed.com>
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: newsabuse@supernews.com
Xref: archiver1.google.com comp.lang.ada:21744
Date: 2002-03-27T22:34:16-06:00
List-Id:

On Tue, 26 Mar 2002 13:01:44 -0500, "Marin David Condic" wrote:

>There would obviously be a need to make sure that the process by which this
>was done would not be so simple as to let it happen accidentally, nor should
>it be allowed without some confirmation that the person doing it was
>actually allowed to do so. Hence the notion of a "Secret Handshake".

I agree that such a "shoot yourself in the foot" mode should be a big
inconvenience or you would have people using that mode to solve common
problems. I.e. logging in as root on UNIX to do the stuff you have to do.
This mode should be for disaster recovery only and avoided completely under
any other conditions.
A version of the OS could be compiled specifically for developing the OS
itself that could switch easily between the modes **IF** that were
necessary; I am not too sure that it would be.

One idea that came to mind is that during an install by the Admin a key
would be given to him. Something equivalent to an OEM key for a MS product.
(aren't those a pain?). Only on a cold reboot and with that key would he be
able to enter the unsafe mode. That key would be stored on the system
encrypted using industrial strength encryption to make it very difficult for
hackers to break it even if they did get past the other security protecting
where it is stored.

>Clearly if this, as yet hypothetical OS, were to be produced and made
>available in source code, someone would find any back doors & make them
>known. That actually brings up another problem: Assuming you were billing
>the system as "secure" by some definition, how would you be sure that any
>given distribution *didn't* include a back door? That would be one heck of
>an audit process, eh? :-)

You could come up with an Open Source License that stipulated that you can
use it for free but you can't publicly distribute it. Also, any changes made
to the OS code base must be given back to the project. Then maintain a
single distribution point of releases. Anyone wanting to make sure they got
the "secure" version would then make sure they got it from that single
distributor. This would definitely avoid the distribution plethora like you
have with Linux.

JR

>
>MDC