Christopher C. Stacy wrote:
>>>>>> On Wed, 09 Apr 2003 01:53:21 +0300, Harri Haataja ("Harri") writes:
> Harri> Christopher C. Stacy wrote:
> >>>>>>> On 03 Apr 2003 09:08:33 +0200, Ketil Malde ("Ketil") writes:
> Ketil> More specific question: how is security achieved, when
> >> everything's open, and communciation is done through unrestricted,
> >> shared objects? The reasons given doesn't sound very convincing,
> >> looking from a malicious user perspective.
> >>
> >> It's a single-user system and there is no protecting the user from
> >> himself, if he decides to be self-malicious.
>
> Harri> System protections[1] aren't there for users. They are there to
> protect Harri> various resources from *programs*. Users may or may not
> be somewhere Harri> behind some program that happened to call a chain
> of dozen others, but Harri> that has nothing to do with things. Neither
> has this hypothetical Harri> creature's intentions. It's all about
> programs for any system.
>
> You are the one who began the conversation with the phrase "malicous
> user", so naturally I addressed your specific concern. Now you're saying
> that the problem is not "users" at all. Can you please give a specific
> example of what you're afraid of? The Lisp Machine, rather surprisingly
> to people who are unfamiliar with it, did not in reality experience the
> kinds of problems that I think you are worrying about. My personal
> experience with the design of secure computing systems goes back 24
> years, but I would like you to elaborate, since you are so insistent
> that there must be a terrible problem here. Perhaps we can walk through
> some examples to show why the this was, in practice, not a problem on
> the LispM.
I don't remember that and I don't see it in the thread. I do remembering
commenting on similiar subject in a thread about a scheme interpreter in
Linux kernel. My memory may ofcourse fail.
That was just a brief comment, since people always seem to talk about
"user this" and "user that" when all programs care about are other
programs or in some specific cases input data streams.
It is too large a question to address here and very elementary to common
security practises in real world and in computers. Maybe there's something
like that in lispm, but I haven't seen it nor any of these machines. To me
"it's a single-user computer" sounds like an excuse to make win3 or
amigaos.
I'll try to steer this in a discussable direction:
In this hypothetical lisp os or on a real one, is the language enforced?
Can you use mere syntax to say "you can't access what you don't have a
reference to" and have that solve problems? What about data storage and
directory or catalog interfaces to files? What about compiled programs?
What's to stop a buggy web server from writing over files it's only
supposed to serve, for example?
--
War is Peace
Slavery is Freedom
Backspace is Delete.
-- Currently unattributed .sig
|