From: "Warren W. Gay VE3WWG"
Newsgroups: comp.lang.ada
Subject: Re: For the AdaOS folks
Date: Tue, 04 Jan 2005 13:00:04 -0500
Organization: Bell Sympatico

Dmitry A. Kazakov wrote:
> On Mon, 03 Jan 2005 15:44:17 -0500, Warren W. Gay VE3WWG wrote:
>>Dmitry A. Kazakov wrote:
>>
>>>But in our hypothetical OS each possible way of access will be represented
>>>by some safe system object.
>>>These objects, when properly designed will
>>>provide necessary administrative services.
>>
>>If you are a night watchman for a Mall, which situation makes it
>>easier to sleep at night when you've locked up and gone home?
>>
>> 1. A mall with one or two doors on the outside to be
>>    locked and checked.
>> 2. A mall with thousands of doors on the outside to be
>>    locked and checked.
>>
>>The answer is obvious. Sure, it is ok for other doors to exist
>>inside the mall (for each store), which can be locked, but it
>>only makes sense to choke the security at a minimal number
>>of points.
>
> But you can approach the problem in other ways. You could change people to
> make it impossible for somebody to steal. You could make objects unusable when
> stolen etc.

How much chance do you think that this has of working with
PCs, laptops, servers etc. that might run a new O/S? You're
not a practical man.

>>>Do you have one "gate" for hard drive I/O?
>>
>>Yes, actually. The kernel controls the issuing of the IDE
>>commands, so that no process can permanently destroy the
>>IDE drive (which can be done, if certain commands are issued).
>>Not to mention that partition scope(s) must be enforced.
>
> It is no different from handling TCP/IP sockets. So the problem lies
> elsewhere above. Anybody may try to open a file.

I'm just going to bite my lip on this one.

>>File systems mitigate access to the thousands of objects
>>that exist within the file system. In a hierarchical system
>>of directories, you have upper levels of choke points (in
>>parent directories), as well as the ability to control
>>access on the object itself.
>
> Yes, that is the point. Files are primitive, but objects. It is much easier
> to enforce security in a hierarchical system than in a flat sea of
> unstructured data.

But a firewall prevents you from accessing any of my files
at home ;-) and my files at work. Sure, there is also an
account+password, more networking, and more controls behind it.
But the one I really count on, Dmitry, is that firewall.

>>>Do you need a firewall to tunnel open/close/read/write to floppy
>>>drives? It would be nonsense.
>>
>>Maybe it's not your floppy. Maybe it belongs to
>>another user (perhaps a student/coworker/spouse).
>
> But how a tunnel might help with that? It does not know who is the owner.

Not a problem. I can determine who accesses the floppy when
it is mounted (look up the mount command).

>>>The problem is that network protocols do not
>>>have safety of a file system.
>>
>>A file system is confined.
>
> Come on, there were multi-user OSes before Windows. Even UNIX pretended to
> be one.

So? Who gets an account? (approved folk). Who is on the
internet? (everyone, including hackers, nobody excluded)
There is a difference, and there are other differences also.

>>Not at all. While it is not the entire answer to network
>>security, you court disaster without one. You will not find
>>one network security expert to suggest what you are promoting.
>
> Sure, why should they kill a hen carrying the gold eggs? (:-))

It sounds like the golden egg is on your system(s) - especially
if you don't believe in firewalls ;-)

> Did you ever
> hear from any company selling anti-virus software that the only problem
> with viruses is OS?

I'm not going to bite. I'll just bite my lip instead ;-)
-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg