[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [MiNT] Was: /proc, will be: /sys

To: mint@gfanrend.fishpool.fi (mint)
Subject: RE: [MiNT] Was: /proc, will be: /sys
From: joska@nuts.edu (Jo Even Skarstein)
Date: Wed, 17 Nov 1999 21:30:20 +0100
Sender: owner-mint@fishpool.com

On Wed, 17 Nov 1999 16:15:47 +0100 (CET), Konrad M. Kokoszkiewicz wrote:

> > Let's face it, you will never find a MiNT-box
> > running some high-security critical applications.
>
> Yes, nobody will setup a 'secure' setup on a MiNT box, but this is not
> a reason to not have improved security - this is a *consequence* of the
> fact that MiNT is insecure. So you're generally right, but the problem you

I'd rather say it's a consequense of the fact that MiNT is a poor choice for
this - mostly because it doesn't run on powerful hardware and Linux, FreeBSD
etc. does.

> I ask myself, what is this is all for? Obviously, such a piece of code
> prevents an user with euid > 0 from achieving the same privileges as the
> user with euid = 0 (root). There are privilege levels implemented, groups

You didn't get my point... Memory-protection and multiuser-features are very
useful, because they prevent insane processes and ignorant users (or drunk
owners...) to f**k up the system by accident, while some other
security-features only serves to protect the system from evil hackers. When
the latter conflicts with usability I'd say that usability should win.

Let's take a look at the current situation, where read-access to /proc is
restricted to your own processes. I'm writing a small application that
displays a memory-fragmentation-map for individual processes, which I intend
to use while developing applications. Now I have to run as root to be able
to use this efficiently, something I usually never does. And running as
root is risky if something goes totally wrong (like having the recursive
filecopy in my NewbieMiNT-installer go mad).

> At the other hand, the "multiuser support" and such code as shown above,
> can be still easily worked around with few perfectly legal system calls,
> so that any user can become root after a fraction of a second. So we not

And is this a problem?? I can't see why, unless some idiot decides to write
a worm for MiNT... And currently I don't know any idiot with both an Atari
and programming-knowledge... (TIFKAS can't code, can he?)

> This results in "averagely secure" OS, so that anyone who actually know a
> programming language and read the Atari documentation with some
> understanding - may hack the root account in a minute.

Has this ever happened? This requires that this hacker has either physical
access to a MiNT-box, or an account on some networked box.

If these features can be implemented so they're not effective with
SECURELEVEL=0, *and* they don't suck resources, I'm all for it. But not
otherwise. We have to have a realistic view on who the users are and what
uses MiNT have and will have.

/*
** Jo Even Skarstein    http://www.stud.ntnu.no/~josk/
**
**    beer - maria mckee - atari falcon - babylon 5
*/

Follow-Ups:
- RE: [MiNT] Was: /proc, will be: /sys
  - From: "Konrad M. Kokoszkiewicz" <draco@obta.uw.edu.pl>
- RE: [MiNT] Was: /proc, will be: /sys
  - From: Petr Stehlik <joy@sophics.cz>

Prev by Date: Re: [MiNT] Security again
Next by Date: Re: [MiNT] /proc
Previous by thread: [MiNT] debuging trick
Next by thread: RE: [MiNT] Was: /proc, will be: /sys
Index(es):
- Date
- Thread