
Re: [colorforth] DARPA takes aim at IT sacred cows


--- "Samuel A. Falvo II" <kc5tja@xxxxxxxx> wrote:
> On Saturday 13 March 2004 07:49 pm, John Drake
> wrote:
> > Perhaps we are using the word "vulnerable"
> > differently.  Some operating systems are designed
> > such that it's difficult to write "vulnerable"
> > programs.  Anyway, most of the exploits I've seen for
> > MS-Windows are in some program running on Windows.
> > (Countless IIS problems, Exchange and Outlook
> > problems, and now Internet Explorer problems).
> 
> Very true.  Windows NT's kernel is *very* secure
> (arguably more secure than Unix is, in fact, since
> it's based on true ACLs, and not a restricted
> User/Group/Owner subset of the concept).  Also, it
> employs role-based security, which is usually easier
> to manage than a per-user system (NT's security lets
> you do both if you wished, though).
> 
> Still, the application software has to be written
> to interface to this system.
> 
> --
> Samuel A. Falvo II

And therein lies the problem.  Under current measures
systems are only secure if the program is written
correctly.  It's not secure if the program is
malicious.  That's because a program running
under my login has, by default, all of the rights 
to do anything that I would do.  Take something as
simple as e-mail viruses.  M$ (the same folks that
came up with WinNT's ACL system) put this "neat"
little idea called VBA in their mail program.
I can have email that dances around.  Wow.
And of course it could be used for useful things
like workflow.  Problem is VBA, by default, has
the option of doing ANYTHING I would do with
email without first asking permission!  How many
email viruses would be stopped if every time
a VBA program wished to access your address list
or send an email on your behalf it had to ask
permission?

In a REALLY secure operating system every 
program starts off with bare minimum 
capability.  I should be able to do something
as stupid as run an unsigned ActiveX script
that gets stopped in its tracks as soon as
it tries to open a file, access the registry
or do any other nasty things.  Note I'm not
saying every OS HAS to have this level of
security (ColorForth certainly doesn't) but
I'm just pointing out that these levels of
security are POSSIBLE if people are willing
to rethink how things are done.

Also with regards to the differences between
ACLs and capability systems please read:

http://www.eros-os.org/essays/ACLSvCaps.html

Regards,

John M. Drake
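The rule John argues for above (a script starts with no authority of its own and must ask before it reads the address list or sends mail on your behalf), as an added Python example; this is not code from the post or from the colorforth project. The Mailbox, GatedMailbox and mailer_script names, the contact list and the "ask" callback are constructed for illustration; the same untrusted script runs unchanged against both objects, and only the authority it was handed differs:

```python
class PermissionDenied(Exception):
    """Raised when a gated action is refused."""

class Mailbox:
    """Constructed stand-in for the user's mail store: full, ungated authority."""
    def __init__(self, address_book):
        self.address_book, self.sent = list(address_book), []
    def read_address_book(self):
        return list(self.address_book)
    def send(self, to, body):
        self.sent.append((to, body))

class GatedMailbox:
    """Facet handed to an untrusted script: same interface as Mailbox, but every
    sensitive action is first put to `ask` (the 'ask permission' rule of the post)."""
    def __init__(self, mailbox, ask):
        self._mailbox, self._ask, self.requests = mailbox, ask, []
    def _gate(self, action):
        self.requests.append(action)          # audit trail of what the script wanted
        if not self._ask(action):
            raise PermissionDenied(action)
    def read_address_book(self):
        self._gate("read address book")
        return self._mailbox.read_address_book()
    def send(self, to, body):
        self._gate(f"send mail to {to}")
        self._mailbox.send(to, body)

def mailer_script(mail):
    """Constructed untrusted script doing what the post describes: read the
    address book and mail everyone in it. It cannot tell which object it got."""
    for contact in mail.read_address_book():
        mail.send(contact, "dancing e-mail")

CONTACTS = ["alice@example.test", "bob@example.test", "carol@example.test"]

def run(ask=None):
    """ask=None reproduces today's default (ambient authority: the script gets the
    real Mailbox); otherwise the script only ever sees the gated facet.
    Returns (messages actually sent, actions the script asked for, stopped?)."""
    mailbox = Mailbox(CONTACTS)
    facet = mailbox if ask is None else GatedMailbox(mailbox, ask)
    stopped = False
    try:
        mailer_script(facet)
    except PermissionDenied:
        stopped = True
    return len(mailbox.sent), getattr(facet, "requests", []), stopped
```

`run()` with no argument mails all three contacts without asking; `run(lambda action: False)` stops the script at its first request, and `run(lambda action: action.startswith("read"))` lets it read the list but refuses the first send, so the request log shows exactly what the script attempted.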


---------------------------------------------------------------------
To unsubscribe, e-mail: colorforth-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, e-mail: colorforth-help@xxxxxxxxxxxxxxxxxx
Main web page - http://www.colorforth.com