"Ingo Weinhold" <bonefish@xxxxxxxxxxxxxxx> wrote: > > So. The question then becomes how do we prevent all of that in the > > context of not changing the nature of the beast? > That's the question, right. And I wouldn't want to put it aside doing > it `the easy way' instead, without seriously analyzing the problem. I > don't say, I have solutions, I just say, what I'd like the OS to be > capable of. When it comes to create a solution for this (most of the issues shouldn't be too hard to solve with proper access rights for teams), count me in :-) I do want to have an as secure (multi-user) OS as possible given the constraints set by the BeOS compatibility (I could probably live with letting some apps break). > > What's this? No parties! Back to work! Don't make me lock you up > > with > > Axel in BGA's basement... ;-) > Er, well, yes, I'm really sorry. ;-) Well, here is plenty of space :-D > > I use my Win2K machine at work to telnet into a gazillion Solaris > > servers. I would call that serious networking. But there are no > > network > > services on my W2K machine. :-) What you really do is draw a hard > > line > > on what is a server and what is a workstation. > That's the point. As a client OS Windows and BeOS work well enough. > But > I wouldn't want OBOS to end up like Windows, where you can relatively > easily get localsystem rights when having access to the machine as > any > user. No, Windows isn't that bad with it (the NT line, of course); it is pretty secure - and it's kernel is very similar to ours (in many design decisions), so I hope we can borrow some concepts from there. Of course, if there is room for improvement, we should make use out of it. > If you can clone arbitrary root processes' areas and happily send > messages to their ports, it shouldn't be too hard to gain superuser > rights and access anything you want. It will probably be hard not to allow anyone to send messages to other ports, but at least the clone_area() part should be pretty easy to solve ;-) Adios... Axel.