On 2011-02-25 at 21:07:22 [+0100], Sean Collins <SMC.Collins@xxxxxxxxxxx> wrote:

> Thank you for not hanging me out the window. The idea I put forth
> deals with one of my biggest beefs, the supposed security of multiuser
> systems. To believe such a fallacy is to be genuinely dishonest with
> oneself. The first tenet of computer security is that if it can be
> touched, it can be hacked. Even encryptions can be hacked given
> sufficient time to study the algorithmic mechanisms involved.
>
> So this comes back to the basic idea that what modern multiuser
> ideology tries to do is protect the system from the user. A novel but
> failed idea. Social engineering is the biggest security hole on any
> computer. The first line of any defense should be the place where the
> vulnerability propagates. Network access, browsers etc. ad nauseam.
>
> Falling behind the first security layer, is the machine
> really multiuser if there is a root/user? Not really. If the idea is
> to have true multiuser access, then the best way to secure the machine
> is to give each user his/her own area of space with which to store info.
>
> The biggest problem I see is that multiuser simply provides no
> facility to protect Bob from Jill. Jill downloads an application that has
> root privileges that changes 2 libraries. Those two libraries break ALL
> of Bob's applications built on the last release while Jill's applications
> are the latest release. This means any program Bob might use will be
> affected by Jill's install transaction.
>
> So how to solve this problem "which is the much larger beef amongst
> home computer users"

Seriously? I believe earlier in this thread someone stated that multi-user isn't needed, since someone you share a computer with you trust anyway. While I wouldn't go so far, the fact is anyone with physical access to your desktop computer can get to your data. You can make it harder by encrypting your hard disk, but even that can be worked around with a hardware key logger. So 1. please let's keep a realistic perspective and 2. don't pretend your solution is any more secure in the environment we're targeting than the traditional "mainframe" multi-user implementations you're raging against. Ironically, virtualization solutions are actually more suitable to servers, as they allow keeping different services insulated from each other (cf. the Haiku project's server installation).

> is that giving each user his/her own area of data
> on the drive sandboxed from everyone else, but also having a shared
> data area. Honestly this could easily be leveraged by the existing boot
> loader very simply, if the drive manager application had some more
> functionality. You could control each drive's access from a simple run
> time loader that is used for multi boot now.

I'm familiar with the terms you're using, but admittedly have no clue what you're talking about. From your previous mail it sounded like you'd have a host operating system that runs on real hardware and allows running a virtualized per-user operating system.

> I'd advise anyone who may have missed this enlightening read to give
> it a look, because it points out the fallacy of multiuser system
> protection and how basically the emperor has no clothes in this
> security model.
>
> http://www.geekzone.co.nz/foobar/6229
>
> The best forms of security that are truly useful require hardware
> keys and encryption; these are hackable too. It makes a compelling
> argument, however, to leverage some form of disk encryption to make safe
> sensitive personal information.
>
> Remember, while most viruses are just hackers being idiots, the
> criminals after my personal data are of much more concern. Secure the data.

Apparently you need to reread the article you refer to. Its main points are:

1. Linux (any system, really) can be compromised by leveraging user ignorance, though the system can make it a bit more complicated (e.g. by adding hurdles for executing email-attached/downloaded files).

2. Pwning root/the system is overrated, since all the interesting damage can already be done with the user account.

This applies to your virtualization solution just the same, so I have no clue why you brought it up (other than to increase the length of your mail).

In short: The only advantage of a virtualization solution is very strong insulation of the users from each other, which, I believe, is irrelevant in the targeted use cases. Other than that it's just more complicated (requiring a host OS) and adds overhead due to the virtualization.

CU, Ingo