comp.lang.ada
From: "Warren W. Gay VE3WWG" <ve3wwg@NoSPAM.cogeco.ca>
Subject: Re: For the AdaOS folks
Date: Tue, 04 Jan 2005 13:00:04 -0500
Message-ID: <zPACd.24026$P%3.1139129@news20.bellglobal.com>
In-Reply-To: <24hf82mgtexu$.c07xlxejxm1c$.dlg@40tude.net>

Dmitry A. Kazakov wrote:

> On Mon, 03 Jan 2005 15:44:17 -0500, Warren W. Gay VE3WWG wrote:
>>Dmitry A. Kazakov wrote:
>>
>>>But in our hypothetical OS each possible way of access will be represented
>>>by some safe system object. These objects, when properly designed will
>>>provide necessary administrative services. 
>>
>>If you are a night watchman for a Mall, which situation makes it
>>easier to sleep at night when you've locked up and gone home?
>>
>>   1. A mall with one or two doors on the outside to be
>>      locked and checked.
>>   2. A mall with thousands of doors on the outside to be
>>      locked and checked.
>>
>>The answer is obvious. Sure, it is ok for other doors to exist
>>inside the mall (for each store), which can be locked, but it
>>only makes sense to choke the security at a minimal number
>>of points.
> 
> But you can approach the problem in other ways. You could change people to
> make it impossible for somebody to steal. You could make objects unusable when
> stolen etc.

How much chance do you think that this has of working with PCs,
laptops, servers etc. that might run a new O/S?  You're not
a practical man.

>>>Do you have one "gate" for hard drive I/O? 
>>
>>Yes, actually. The kernel controls the issuing of the IDE
>>commands, so that no process can permanently destroy the
>>IDE drive (which can be done, if certain commands are issued).
>>Not to mention that partition scope(s) must be enforced.
> 
> It is no different from handling TCP/IP sockets. So the problem lies
> elsewhere above. Anybody may try to open a file.

I'm just going to bite my lip on this one.

>>File systems mitigate access to the thousands of objects
>>that exist within the file system. In a hierarchical system
>>of directories, you have upper levels of choke points (in
>>parent directories), as well as the ability to control
>>access on the object itself.
> 
> Yes, that is the point. Files are primitive, but objects. It is much easier
> to enforce security in a hierarchical system than in a flat sea of
> unstructured data.

But a firewall prevents you from accessing any of my files at home ;-)
and my files at work.

Sure, there is also an account+password, more networking, and
more controls behind it. But the one I really count on, Dmitry, is
that firewall.

>>>Do you need a firewall to tunnel open/close/read/write to floppy
>>>drives? It would be nonsense. 
>>
>>Maybe it's not your floppy. Maybe it belongs to
>>another user (perhaps a student/coworker/spouse).
> 
> But how might a tunnel help with that? It does not know who is the owner.

Not a problem. I can determine who accesses the floppy
when it is mounted (look up the mount command).

>>>The problem is that network protocols do not
>>>have safety of a file system. 
>>
>>A file system is confined.
> 
> Come on, there were multi-user OSes before Windows. Even UNIX pretended to
> be one.

So? Who gets an account? (approved folk).

Who is on the internet? (everyone, including hackers, nobody excluded)

There is a difference, and there are other differences also.

>>Not at all. While it is not the entire answer to network
>>security, you court disaster without one. You will not find
>>one network security expert to suggest what you are promoting.
> 
> Sure, why should they kill a hen carrying the gold eggs? (:-)) 

It sounds like the golden egg is on your system(s) - especially
if you don't believe in firewalls ;-)

> Did you ever
> hear from any company selling anti-virus software that the only problem
> with viruses is OS?

I'm not going to bite. I'll just bite my lip instead ;-)
-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg


