[haiku-development] Re: BFS drivers for other systems?

  • From: Sean Collins <SMC.Collins@xxxxxxxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Fri, 25 Feb 2011 20:07:22 +0000

Jürgen Wall wrote:
> On Thu, Feb 24, 2011 at 7:28 AM, Axel Dörfler <axeld@xxxxxxxxxxxxxxxx>
> wrote:
> > Personally, I definitely want to see Haiku being completely multi-user
> > one day.
> > I think we should seriously consider other approaches to the problem
> > of multiple users of the same computer like the suggestion from Sean
> > Collins. We could just copy Linux or Mac OS X and the old mainframe
> > multi-user approach, or we could come up with something more
> > interesting, modern and maybe even more secure. For one thing I don't
> > think multiple users at the same time is something we should worry
> > about.
>
> Just wanted to throw in an idea similar to the one from Sean Collins.
>
> What about introducing a per-user partition diff at the file system level
> above the actual system partition?
> There would be one system partition for all users,
> which only the administrator would be able to access directly.
> Then, for each ordinary user there would be an intermediate diff-layer,
> which allows transparent reading from the system partition, but redirects written
> contents into a separate "home"-location.
> Subsequent reading of the same contents through the diff-layer would then
> return data from the diff-layer first, but would fall back to the system
> partition in case the data wasn't present.
>
> From my POV this approach would have the following advantages:
> 1. The physical system partition is totally secured from unauthorized
> modifications.
>
> 2. Existing applications wouldn't see any difference and wouldn't have to be
> modified, but would work with multiple users.
>
> 3. The approach could easily be extended to support user-groups,
> by means of a layer hierarchy.
>
> 4. One could always start with a fresh user account whenever the old one is
> messed up and see the original file system.
>
> However, I see the potential problem with the performance and storage of such
> an approach as well.

Thank you for not hanging me out the window. The idea I put forth deals with one of my biggest beefs, the supposed security of multiuser systems. To believe such a fallacy is to be genuinely dishonest with oneself. The first tenet of computer security is that if it can be touched, it can be hacked. Even encryption can be hacked given sufficient time to study the algorithmic mechanisms involved.

So this comes back to the basic idea that what modern multiuser ideology tries to do is protect the system from the user. A novel but failed idea. Social engineering is the biggest security hole on any computer. The first line of any defense should be the place where the vulnerability propagates: network access, browsers, etc. ad nauseam.

Falling behind the first security layer, is the machine really multiuser if there is a root/user? Not really. If the idea is to have true multiuser access, then the best way to secure the machine is to give each user his/her own area of space in which to store info.

The biggest problem I see is that multiuser simply provides no facility to protect Bob from Jill. Jill downloads an application that has root privileges that changes two libraries. Those two libraries break ALL of Bob's applications built on the last release while Jill's applications are the latest release. This means any program Bob might use will be affected by Jill's install transaction.

So how to solve this problem (which is the much larger beef amongst home computer users) is by giving each user his/her own area of data on the drive, sandboxed from everyone else, but also having a shared data area. Honestly this could easily be leveraged by the existing boot loader very simply, if the drive manager application had some more functionality. You could control each drive's access from a simple run-time loader that is used for multi-boot now.

I'd advise anyone who may have missed this enlightening read to give it a look, because it points out the fallacy of multiuser system protection and how, basically, the emperor has no clothes in this security model.

http://www.geekzone.co.nz/foobar/6229


The best forms of security that are truly useful require hardware keys and encryption; these are hackable too. It makes a compelling argument, however, to leverage some form of disk encryption to make sensitive personal information safe.

Remember, while most viruses are just hackers being idiots, the criminals after my personal data are of much more concern. Secure the data.

Take care

Sean
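The per-user diff-layer that Jürgen describes above (read from the diff first, fall back to the system partition, redirect writes into the user's own location, stack layers for groups) is a copy-on-write union model. The following is an added illustration, not code from the thread or from Haiku's BFS: an in-memory model of that layering with constructed sample paths, including the whiteout bookkeeping a deletion needs so that a file removed in a user's layer does not reappear from the base, and Sean's Bob/Jill library scenario run through it.

```python
from typing import Dict, Optional, Set, Union

class SystemPartition:
    """Shared read-only base: the system partition. Contents are constructed sample data."""
    def __init__(self, files: Dict[str, bytes]) -> None:
        self._files = dict(files)

    def read(self, path: str) -> Optional[bytes]:
        return self._files.get(path)

    def write(self, path: str, data: bytes) -> None:
        # Only the administrator touches the base directly; a user's writes never land here.
        raise PermissionError("system partition is read-only through a diff layer")

class DiffLayer:
    """Copy-on-write layer for one user (or group), stacked on a lower layer or the base."""
    def __init__(self, lower: Union[SystemPartition, "DiffLayer"]) -> None:
        self.lower = lower
        self.diff: Dict[str, bytes] = {}   # written contents are redirected here
        self.whiteouts: Set[str] = set()   # paths deleted here but still present below

    def read(self, path: str) -> Optional[bytes]:
        if path in self.whiteouts:
            return None                    # a deletion must mask the lower copy
        if path in self.diff:
            return self.diff[path]         # the diff layer answers first ...
        return self.lower.read(path)       # ... and falls back to the layer below

    def write(self, path: str, data: bytes) -> None:
        self.whiteouts.discard(path)
        self.diff[path] = data

    def unlink(self, path: str) -> None:
        self.diff.pop(path, None)
        if self.lower.read(path) is not None:
            self.whiteouts.add(path)       # without this the base file would reappear

    def reset(self) -> None:
        self.diff.clear()                  # "fresh account": only this layer is discarded
        self.whiteouts.clear()

def bob_and_jill() -> Dict[str, Optional[bytes]]:
    """Jill replaces a library and removes an app; Bob and the base must be unaffected."""
    lib, mail = "/system/lib/libnet.so", "/system/apps/Mail"
    system = SystemPartition({lib: b"v1", mail: b"mail"})
    jill, bob = DiffLayer(system), DiffLayer(system)
    jill.write(lib, b"v2")
    jill.unlink(mail)
    return {"jill_lib": jill.read(lib), "bob_lib": bob.read(lib), "base_lib": system.read(lib),
            "jill_mail": jill.read(mail), "bob_mail": bob.read(mail)}
```

Stacking a member's DiffLayer on a group's DiffLayer gives the layer hierarchy of point 3; the storage cost is the full copy of every file a layer modifies, which is the performance and storage concern raised at the end of the proposal.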