From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,b95a522100671708
X-Google-Attributes: gid103376,public
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news1.google.com!news1.google.com!news.maxwell.syr.edu!meganewsservers.com!feeder2.on.meganewsservers.com!feed.cgocable.net!read2.cgocable.net.POSTED!53ab2750!not-for-mail
From: "Warren W. Gay VE3WWG" <ve3wwg@NoSpam.cogeco.ca>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
 rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: For the AdaOS folks
References: <Gq2dnUK90vVhBVLcRVn-1w@gbronline.com>
 <gemini.i9ih0y000ys1c02s4.nick.roberts@acm.org>
 <1PTAd.1218$0y4.421@read1.cgocable.net>
 <1vemlj8wqr9ea$.qyecszhsmtqa$.dlg@40tude.net>
 <J1WAd.1244$0y4.989@read1.cgocable.net>
 <1b48kdfqsk3mw.7gajq12fsa82.dlg@40tude.net>
 <KKaBd.3134$0y4.3044@read1.cgocable.net>
 <rnpnk8lhy0dy$.1m9qo6kbu5art$.dlg@40tude.net>
 <52fBd.42256$nV.1324414@news20.bellglobal.com>
 <q7q4e8yse44r.zlbrtj5nywu0$.dlg@40tude.net>
 <_gHBd.14666$0y4.10314@read1.cgocable.net>
 <8rz51zshvp8k$.gvir0kpiedzk.dlg@40tude.net>
 <Lc_Bd.14747$Y_4.1334651@read2.cgocable.net>
 <1cza5d5x7snmd.lr7wfm9fdsvd.dlg@40tude.net>
 <jveCd.15296$Y_4.1365327@read2.cgocable.net>
 <1hwsfqc0hx63i$.1dl0hkengaf6i$.dlg@40tude.net>
 <nDgCd.15313$Y_4.1370247@read2.cgocable.net>
 <1klgtuv6sbypt.1wlc9u1ixz7ua$.dlg@40tude.net>
In-Reply-To: <1klgtuv6sbypt.1wlc9u1ixz7ua$.dlg@40tude.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <z7iCd.15318$Y_4.1372013@read2.cgocable.net>
Date: Mon, 03 Jan 2005 15:44:17 -0500
NNTP-Posting-Host: 24.150.168.167
X-Complaints-To: abuse@cogeco.ca
X-Trace: read2.cgocable.net 1104784991 24.150.168.167 (Mon,
 03 Jan 2005 15:43:11 EST)
NNTP-Posting-Date: Mon, 03 Jan 2005 15:43:11 EST
Organization: Cogeco Cable
Xref: g2news1.google.com comp.lang.ada:7416
Date: 2005-01-03T15:44:17-05:00
List-Id: <comp.lang.ada>

Dmitry A. Kazakov wrote:
> On Mon, 03 Jan 2005 14:01:42 -0500, Warren W. Gay VE3WWG wrote:
>>Dmitry A. Kazakov wrote:
>>>On Mon, 03 Jan 2005 11:36:34 -0500, Warren W. Gay VE3WWG wrote:
>>>>Dmitry A. Kazakov wrote:
>>>>>On Sun, 02 Jan 2005 17:04:29 -0500, Warren W. Gay VE3WWG wrote:
>>>>>>Dmitry A. Kazakov wrote:
>>>>>>>On Sat, 01 Jan 2005 19:31:56 -0500, Warren W. Gay VE3WWG wrote:
>>>Huh, firewalls only exist because of that crippled, buggy, unsafe OSes!
>>
>>Ah, not necessarily. To enforce policy, it makes sense to throttle
>>all of a company's access to the world-wild-net through one "gate",
>>rather than try to administer it on the bases of every host, pc,
>>and laptop within an organization.
> 
> But in our hypothetical OS each possible way of access will be represented
> by some safe system object. These objects, when properly designed will
> provide necessary administrative services. 

If you are a night watchman for a Mall, which situation makes it
easier to sleep at night when you've locked up and gone home?

   1. A mall with one or two doors on the outside to be
      locked and checked.
   2. A mall with thousands of doors on the outside to be
      locked and checked.

The answer is obvious. Sure, it is ok for other doors to exist
inside the mall (for each store), which can be locked, but it
only makes sense to choke the security at a minimal number
of points.

> Do you have one "gate" for hard
> drive I/O? 

Yes, actually. The kernel controls the issuing of the IDE
commands, so that no process can permanently destroy the
IDE drive (which can be done, if certain commands are issued).
Not to mention that partition scope(s) must be enforced.

File systems mitigate access to the thousands of objects
that exist within the file system. In a hierarchical system
of directories, you have upper levels of choke points (in
parent directories), as well as the ability to control
access on the object itself.

> Do you need a firewall to tunnel open/close/read/write to floppy
> drives? It would be nonsense. 

Maybe its not your floppy. Maybe it belongs to
another user (perhaps a student/coworker/spouse).

> The problem is that network protocols do not
> have safety of a file system. 

A file system is confined. A network is exposed by
definition. That is the element that makes network
security so difficult. It has very little to do
with which came first.

>>Even at home, there is much more safety in doing things this way.
> 
> It an imaginary safety.

Not at all. While it is not the entire answer to network
security, you court disaster without one. You will not find
one network security expert to suggest what you are promoting.
--
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg