From: Jim Choate
To: <9fans@cse.psu.edu>
Cc:
Subject: Re: [9fans] 'wall' messages
In-Reply-To: <20031007124103.J4625@cackle.proxima.alt.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Tue, 7 Oct 2003 08:40:36 -0500
Topicbox-Message-UUID: 6550a764-eacc-11e9-9e20-41e7f4b1d025

On Tue, 7 Oct 2003, Lucio De Re wrote:

> On the other hand, a reply that explains that the namespace is
> sacred and inviolate, otherwise users cannot trust the operating
> system,

Users can't trust the OS, they can only trust the group running it, or not. A fundamental and basic security flaw that has let more than one hacker into a system. And will continue to do so until people get burned enough to realize that 'trust' -only- applies to people, never things. And even then it's mercurial (e.g. anybody ever had a girlfriend cheat on them?).

This is one advantage, security through obscurity, where closed source OS'es -are- more secure than Open Source. And yes, it is a thin edge, but an edge nevertheless. The owners of the vast majority of boxes can't de-compile the binaries and then modify them for what is effectively a MITM attack. Open Source OS'es don't have this; in fact it's a common suggestion that people should in fact work on their own boxes (and many do).

> that security in Plan 9 hinges on the absence of superior
> privilege (root user) which prevents malicious users from being
> able to hijack the CPU server, that "eve" and not "bootes" is

And bootes is absolutely prevented from aliasing as eve, ever? Even if they're running on the same box at the same time? I think somebody is more interested in canon than reality.

Does bootes -ever- have a process that is running the cpu in supervisor mode? A single NOP that can be replaced with a jump or branch?

If bootes (or eve for that matter) ever runs the cpu in supervisor mode then they can take control of the VMM on that machine and snapshot everything a user does or has. So, unless you've got some sort of secure vault to run in (e.g. WOM on DSS smart cards) your security with respect to the hardware and basic OS is really a mirage.

> allowed to provide a trampoline for a user to access a file server,
> all these things make better archive material than tirades about
> lack of understanding.

And that's not written down clearly anywhere. One of the perennial complaints I hear is that the documentation of Plan 9 sucks. And yes, Hangar 18 is doing something about that. I've read -every- damn P9 document that's out there on the site; they suck. They're out of date, they're written in the wrong tone, etc., etc., etc.

--
--

God exists because mathematics is consistent, and the Devil exists because we can't prove it.

Andre Weil, in H. Eves, Mathematical Circles

Adieu

ravage@ssz.com
jchoate@open-forge.com
www.ssz.com
www.open-forge.com