From: Christopher Browne
Newsgroups: comp.lang.ada
Subject: Re: if file exist
Date: 29 Sep 2002 05:13:04 GMT
Organization: cbbrowne Computing Inc
References: <3d9245da.259420486@news.cis.dfn.de> <3D933A6B.5000105@cogeco.ca> <8db3d6c8.0209270247.5bf07ae5@posting.google.com>

In the last exciting episode, Keith Thompson wrote:
> "Marin David Condic" writes:
>> Q: Are you a spy?
>>
>> A: I'm not allowed to say...
>>
>> Maybe it's better to think about it from the OS level - provide something in
>> an OS interface package that says "We'll return whatever information the OS
>> will give us about the file and it is OS dependent as to what the result
>> is..." That way whatever security the OS wants to provide is respected.
>
> I don't think we are (or should be) debating whether to respect the
> security provided by the OS. Violating OS security isn't just a bad
> idea, it's just plain impossible (barring OS bugs, of course).

FYI, here are two /highly/ relevant links to documents concerning a
Multics security evaluation done back in 1974.

http://csrc.nist.gov/publications/history/karg74.pdf
http://domino.watson.ibm.com/library/cyberdig.nsf/papers?SearchView&Query=(multics)

Part of the conclusion was that Multics /wasn't/ acceptably secure,
back then, and that some modifications to the security design would be
required to make it /really/ secure. The OSes of today have downright
moved backwards from that.

Another part of the conclusion was that part of the security Multics
/did/ have came from the string support in PL/1. The buffer overruns
that C is famed for wouldn't happen in PL/1, and more than likely
aren't Ada things either...

Some interesting principles pop out, in any case...
-- 
(concatenate 'string "cbbrowne" "@ntlug.org")
http://cbbrowne.com/info/multics.html
I've had a perfectly wonderful evening. But this wasn't it.
-- Groucho Marx