Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.folklore.computers > #148488
| From | "Rod Speed" <rod.speed.aaa@gmail.com> |
|---|---|
| Newsgroups | alt.folklore.computers |
| Subject | Re: The joy of simplicity? |
| Date | 2015-07-19 09:49 +1000 |
| Message-ID | <d10713F9pp8U1@mid.individual.net> (permalink) |
| References | (9 earlier) <1443018172458656142.548953peter_flass-yahoo.com@news.eternal-september.org> <PM00051AFE21B80058@aca42e0b.ipt.aol.com> <d0qg66Fqs5uU1@mid.individual.net> <ttnn7c-djp.ln1@sambook.reistad.name> <PM00051B266DEF881D@aca2d680.ipt.aol.com> |
jmfbahciv <See.above@aol.com> wrote
> Morten Reistad wrote
>> Rod Speed <rod.speed.aaa@gmail.com> wrote:
>>> jmfbahciv <See.above@aol.com> wrote
>>>> Peter Flass wrote
>>>>> jmfbahciv <See.above@aol.com> wrote
>>>>>> Andrew Swallow wrote
>>>>>>> jmfbahciv wrote
>>>>>>>> Rod Speed wrote
>>>>>>>>> jmfbahciv <See.above@aol.com> wrote
>>>>>>>>>> Andrew Swallow wrote
>>>>>>> {snip}
>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> This will help but unfortunately the database you are keeping
>>>>>>>>>>> secret
>>>>>>>>>>> ends up inside the sandbox.
>>>>>>>>>>
>>>>>>>>>> Implement a file daemon like we did on TOPS-10.
>>>>>>>>>
>>>>>>>>> Doesn’t do a damned thing about the problem he is talking about.
>>>>>>>>
>>>>>>>> Of course it can. The file daemone can do anything one wants it
>>>>>>>> to.
>>>>>>>> In order to circumvent the security, a cracker has to patch the
>>>>>>>> monitor
>>>>>>>> to redirect the IPCF messages _and_ its contents.
>>>>>>>>
>>>>>>>> /BAH
>>>>>>>>
>>>>>>> Can the virus tell the daemone to get the next database record?
>>>>>>> If so repeat until the entire database has been extracted.
>>>>>>>
>>>>>> Only if the file daemon is designed to allow such access without
>>>>>> security.
>>>>>>
>>>>>> Using a file daemon to access otherwise protected files from a user,
>>>>>> including an app, allows access without the user/app having to have
>>>>>> the system privileges one would need if a daemon wasn't available.
>>>>>>
>>>>>> The sample JMF wrote, was designed to extend access to files. There
>>>>>> isn't
>>>>>> anything preventing a daemon from accessing the contents of files.
>>>>>> The neat thing was that you could protect a file from [1,2] accessing
>>>>>> it. [1,2] was the equivalent user to Unix' sudo (I think that's what
>>>>>> it's called.)
>>>>>>
>>>>>
>>>>> A daemon has nothing to do with this. The file system has to run at a
>>>>> higher privilege level (which most do) and have no bugs or security
>>>>> holes
>>>>> (which doesn't seem to be true). The problem seems to be that
>>>>> unauthorized
>>>>> code takes advantage of holes in the system get an elevated privilege
>>>>> level
>>>>> and access things it shouldn't.
>>>>
>>>> If you have a file daemon, you can protect all files and directories
>>>> from
>>>> any access at all times.
>>>
>>>There you go, utterly mangling the terminology just like you always do.
>>
>> No, she has just given some references to som DEC systems that have
>> fallen into disuse.
>>
>> Both tops10 and tops20 have decent file protection primitives (contrasted
>> to *n*x native and windows). They are almost as good as the multics ones
>> from the later versions.
>>
>> In addition you could connect a user mode process to a partition, and
>> have
>> the failed requests come in for a secondary view, and you could permit
>> them
>> anyhow. If you wanted every open request to go through that daemon you
>> just
>> set permissions 000 (unix-speak) on the mount point.
>>
>> These user mode daemons handle open()s, and set the subsequent read(),
>> write(), append() and select()/poll() permissions on the file handle as
>> long
>> as it is kept open.
>>
>> This is one solution to the jail-process-problem, but I think the
>> jail() version of chroot() is a much better one. For one, you have a
>> system-provided check that you stay within your jail on every (of ~150)
>> system call the process performs. This limits the scope of the external
>> impact from every program executed within that process.
>
> That's an interesting approach but it wouldn't it have to ignore
> terminal I/O?
Nope.
> And what about network accesses?
Doesn’t have to ignore that either.
> ISTM there would have
> to be a list of system calls that would need ignoring. I suppose that
> approach could provide a blanket security
Corse it can and that is what iOS does with its sandboxing
and that controls the terminal IO and network access too.
> but not control over contents of speicfic files/directories.
Wrong. That is what sandboxing does in spades.
The app only gets any access to its own files.
> The latter technique would only be invoked if, and only
> if, the "owner" of the file/directory wanted to invoke it.
And that is what sandboxing is about.
> With your approach, it would be a system invocation rather
> than something set up privately by a user within that system.
Wrong.
>>>> when an access fails, the file daemon can be called to decide
>>>> if access should be allowed.
>>>
>>>But it needs to have some basis for making that decision.
>>>
>>>> With that you can have MBs of code examining the situation and making
>>>> decisions. What's more you could also create sectors of file daemons
>>>> called by the master file daemon. A lot of protections on the PDP-10s
>>>> were built into the way we handled [P,PN]s. ppn protections were
>>>> stricter and easier than access ids which were names.
>>>
>>>That last isn't the problem being discussed.
>>>
>>>And iOS essentially does what you are talking about and
>>>so utterly misnamed by sandboxing so nothing gets access
>>>to the data that belongs to an app except the app itself and
>>>with stuff like the contacts where more than one app needs
>>>to have access to some of the data at times, the user gets
>>>to authorise access by other than the app that owns the data.
>>>
>>>Its never going to be possible for 'a file daemon' to decide
>>>just what need to have access to stuff like the contacts.
>>
>> Don't dismiss it outright. I have seen user-mode file systems do
>> similar things on modern systems.
>
> We did all kinds of things with the example file daemon TOPS-10
> shipped. And that was a simple-minded example for the customers
> to look at.
Back to alt.folklore.computers | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-08 00:27 -0300
Re: The joy of simplicity? Anne & Lynn Wheeler <lynn@garlic.com> - 2015-07-08 09:32 -0700
Re: The joy of simplicity? "ratsack" <ratgsack281@nospam.com> - 2015-07-10 05:28 +1000
Re: The joy of simplicity? hancock4@bbs.cpcn.com - 2015-07-08 09:54 -0700
Re: The joy of simplicity? scott@slp53.sl.home (Scott Lurndal) - 2015-07-08 17:43 +0000
Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-08 15:48 -0300
Re: The joy of simplicity? hda <agent700@ay.invalid> - 2015-07-08 22:03 +0200
Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-09 03:14 -0300
Re: The joy of simplicity? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2015-07-09 07:38 +0000
Re: The joy of simplicity? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2015-07-09 17:40 +0000
Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-09 16:32 -0300
Re: The joy of simplicity? "ratsack" <ratgsack281@nospam.com> - 2015-07-10 05:35 +1000
Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-09 16:51 -0300
Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-10 00:50 +0100
Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-10 00:27 +0000
Re: The joy of simplicity? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2015-07-10 16:36 +0000
Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-10 19:01 +0100
Re: The joy of simplicity? Stephen Sprunk <stephen@sprunk.org> - 2015-07-10 13:13 -0500
Re: The joy of simplicity? Stephen Sprunk <stephen@sprunk.org> - 2015-07-10 13:20 -0500
Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-10 18:59 +0000
Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-10 21:08 +0100
Re: The joy of simplicity? Morten Reistad <first@last.navn> - 2015-07-11 00:42 +0200
Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-11 20:47 +0100
Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-12 12:53 +0000
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-13 05:40 +1000
Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-14 12:02 +0000
Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-14 13:32 +0100
Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-15 12:19 +0000
Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-15 12:31 +0000
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-17 05:49 +1000
Re: The joy of simplicity? Morten Reistad <first@last.navn> - 2015-07-17 18:43 +0200
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-19 09:01 +1000
Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-19 13:25 +0000
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-20 06:20 +1000
Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-20 13:29 +0000
Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-20 15:26 +0000
Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-21 12:53 +0000
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-21 05:52 +1000
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-19 09:49 +1000
Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-19 13:25 +0000
Re: The joy of simplicity? Morten Reistad <first@last.navn> - 2015-07-19 18:15 +0200
Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-20 13:29 +0000
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-21 05:49 +1000
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-20 06:38 +1000
Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-20 13:29 +0000
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-21 05:55 +1000
Re: The joy of simplicity? "Hank" <hfd543@nospam.com> - 2015-07-12 06:00 +1000
Re: The joy of simplicity? Morten Reistad <first@last.navn> - 2015-07-11 00:38 +0200
Re: The joy of simplicity? "Charles Richmond" <numerist@aquaporin4.com> - 2015-07-10 15:27 -0500
Re: The joy of simplicity? Dave Garland <dave.garland@wizinfo.com> - 2015-07-11 00:18 -0500
Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-11 19:22 +1000
Re: The joy of simplicity? Gene Wirchenko <genew@telus.net> - 2015-07-10 17:53 -0700
Re: The joy of simplicity? "Osmium" <r124c4u102@comcast.net> - 2015-07-10 22:22 -0500
Re: The joy of simplicity? Gene Wirchenko <genew@telus.net> - 2015-07-10 23:39 -0700
Re: The joy of simplicity? simon@twoplaces.co.uk (Simon Turner) - 2015-07-10 08:27 +0100
Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-09 00:29 +0000
Re: The joy of simplicity? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2015-07-09 07:38 +0000
Re: The joy of simplicity? Daiyu Hurst <daiyu.hurst@gmail.com> - 2015-07-08 12:57 -0700
csiph-web