>>>>> On Wed, 09 Apr 2003 01:53:21 +0300, Harri Haataja ("Harri") writes:
Harri> Christopher C. Stacy wrote:
>>>>>>> On 03 Apr 2003 09:08:33 +0200, Ketil Malde ("Ketil") writes:
Ketil> More specific question: how is security achieved, when
>> everything's open, and communciation is done through
>> unrestricted, shared objects? The reasons given doesn't sound
>> very convincing, looking from a malicious user perspective.
>>
>> It's a single-user system and there is no protecting the user from
>> himself, if he decides to be self-malicious.
Harri> System protections[1] aren't there for users. They are there to protect
Harri> various resources from *programs*. Users may or may not be somewhere
Harri> behind some program that happened to call a chain of dozen others, but
Harri> that has nothing to do with things. Neither has this hypothetical
Harri> creature's intentions. It's all about programs for any system.
You are the one who began the conversation with the phrase
"malicous user", so naturally I addressed your specific concern.
Now you're saying that the problem is not "users" at all.
Can you please give a specific example of what you're afraid of?
The Lisp Machine, rather surprisingly to people who are unfamiliar
with it, did not in reality experience the kinds of problems that
I think you are worrying about. My personal experience with the
design of secure computing systems goes back 24 years, but I would
like you to elaborate, since you are so insistent that there must
be a terrible problem here. Perhaps we can walk through some examples
to show why the this was, in practice, not a problem on the LispM.
|