FreeLists / openbeos / [openbeos] Re: BeOS/Zeta is (not) immune to attacks

["Niklas Nisbeth" <noisetonepause@xxxxxxxxx>]

> There will never be a method to stop *you* from erasing >*your* home
folder. That's not what security is about,
> that's what backups are for.
I think I disagree. Security should make sure that I don't lose data, full stop.

It's not something I'm really worried about (losing data), to be
honest; I have all my most important files in several places, and
hell, it's not like hwat I do is very important in the grand scheme of
things, I might have to redo bits of whatever schoolwork I'm working
on if something gets deleted, bah, it'll do me some good - but still,
my home folder is more important than the system folder.

I have thought of a radical solution, though. Would it be possible to
make all "removal tools" (rm, API functions, tracker functions etc)
ONLY send the files to trash, and then have the trash only emptied at
specific times... or maybe have files deleted once they've been in the
trash for, say, a week? I realised this poses problems for when you're
running low on disk space, but, I dunno. Maybe trashing should just be
a sort of "flag for deletion" process, so files would only get
overwritten when you reach a certain threshold... I'm not saying I'm
convinced this is a good idea, I'm just sort of, y'kna, throwing it
out there.

> Of course, with ACL you could only allow Tracker to
> delete files in your home folder to be a bit more on
> the safe side.
Does Haiku have those? A lot of shell scripts (installers, etc) will
rely on rm, though, and some apps need to be able to clean up after
themselves...

Ah, this is actually really difficult..!

/Niklas

On 1/5/07, Axel Dörfler <axeld@xxxxxxxxxxxxxxxx> wrote:
> "Niklas Nisbeth" <noisetonepause@xxxxxxxxx> wrote:
> > This was widely reported on BeOS news sites, but I wanted to just
> > throw it out here. While security is obviously not going to be a big
> > issue in the real world any time soon, I think these issues need to
> > be
> > looked at and addressed BEFORE we achieve world-domination, so we can
> > send the black hats & script kiddies to /dev/null from day 1. Some of
> > the points Maurice make are good...
>
> He's just stating the obvious. There are *many* more problems in BeOS
> to solve to have a secure system. For one, the whole port and semaphore
> system is a security disaster as it works now (everyone can write to/
> read from any port, and everyone can acquire/release any semaphore -
> only kernel semaphores are somewhat protected).
>
> > And while we're at the security discussion, can I just reiterate a
> > point I make whenever I get the opportunity: People talk about
> > multi-user as though it's the holy grail of computer security, and
> > that you must have it for your systems to be secure. I'm not
> > convinced: all the stuff that's actually important to me is in my
> > home
> > folder; that's the stuff I do backups of, and that's what I'd miss if
> > it was erased. Multi-user doesn't change that, programmes I run can
> > still erase my home folder, there's no check there. Rendering my
> > system unbootable by wiping /boot/beos is a nuisance at best if I
> > have
> > an installation CD. I don't think rm -r /boot/beos/* is something we
> > need to be concerned with, but rm -r /boot/home/* is a *very* big
> > issue.
>
> There will never be a method to stop *you* from erasing *your* home
> folder. That's not what security is about, that's what backups are for.
> Security comes into play if you want to prevent someone else from
> erasing your data. For example, you might want to test unknown
> applications in a secure shell first, so that you'll see if they are
> malicious or not.
> But eventually, it all boils down to if you trust the source of the
> application enough to run it or not; security is there to make this a
> conscious decision, but it doesn't protect you from yourself.
> Of course, with ACL you could only allow Tracker to delete files in
> your home folder to be a bit more on the safe side.
>
> Bye,
>    Axel.