
RE: [MiNT] Was: /proc, will be: /sys



On Wed, 17 Nov 1999 16:15:47 +0100 (CET), Konrad M. Kokoszkiewicz wrote:

> > Let's face it, you will never find a MiNT-box
> > running some high-security critical applications.
>
> Yes, nobody will setup a 'secure' setup on a MiNT box, but this is not
> a reason to not have improved security - this is a *consequence* of the
> fact that MiNT is insecure. So you're generally right, but the problem you

I'd rather say it's a consequence of the fact that MiNT is a poor choice for
this - mostly because it doesn't run on powerful hardware and Linux, FreeBSD
etc. do.

> I ask myself, what is this is all for? Obviously, such a piece of code
> prevents a user with euid > 0 from achieving the same privileges as the
> user with euid = 0 (root). There are privilege levels implemented, groups

You didn't get my point... Memory-protection and multiuser-features are very
useful, because they prevent insane processes and ignorant users (or drunk
owners...) from f**king up the system by accident, while some other
security-features only serve to protect the system from evil hackers. When
the latter conflicts with usability I'd say that usability should win.

Let's take a look at the current situation, where read-access to /proc is
restricted to your own processes. I'm writing a small application that
displays a memory-fragmentation-map for individual processes, which I intend
to use while developing applications. Now I have to run as root to be able
to use this efficiently, something I usually never do. And running as
root is risky if something goes totally wrong (like having the recursive
filecopy in my NewbieMiNT-installer go mad).

> At the other hand, the "multiuser support" and such code as shown above,
> can be still easily worked around with few perfectly legal system calls,
> so that any user can become root after a fraction of a second. So we not

And is this a problem?? I can't see why, unless some idiot decides to write
a worm for MiNT... And currently I don't know any idiot with both an Atari
and programming-knowledge... (TIFKAS can't code, can he?)

> This results in "averagely secure" OS, so that anyone who actually knows a
> programming language and read the Atari documentation with some
> understanding - may hack the root account in a minute.

Has this ever happened? This requires that this hacker has either physical
access to a MiNT-box, or an account on some networked box.

If these features can be implemented so they're not effective with
SECURELEVEL=0, *and* they don't suck resources, I'm all for it. But not
otherwise. We have to have a realistic view on who the users are and what
uses MiNT has and will have.


/*
** Jo Even Skarstein    http://www.stud.ntnu.no/~josk/
**
**    beer - maria mckee - atari falcon - babylon 5
*/