[haiku-development] Re: multi-user [was: BFS drivers for other systems?]

  • From: Ingo Weinhold <ingo_weinhold@xxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Sat, 26 Feb 2011 15:23:56 +0100

On 2011-02-25 at 21:07:22 [+0100], Sean Collins <SMC.Collins@xxxxxxxxxxx> 
wrote:
> Thank you for not hanging me out the window. The idea I put forth
> deals with one of my biggest beefs, the supposed security of multiuser
> systems. To believe such a fallacy is to be genuinely dishonest with
> oneself. The first tenet of computer security is that if it can be
> touched, it can be hacked. Even encryption can be hacked given
> sufficient time to study the algorithmic mechanisms involved.
> 
> So this comes back to the basic idea that what modern multiuser
> ideology tries to do is protect the system from the user. A novel but
> failed idea. Social engineering is the biggest security hole on any
> computer. The first line of any defense should be the place where the
> vulnerability propagates. Network access, browsers etc. ad nauseam.
> 
> Falling behind the first security layer, is the machine
> really multiuser if there is a root/user? Not really. If the idea is
> to have true multiuser access, then the best way to secure the machine
> is to give each user his/her own area of space in which to store info.
> 
> The biggest problem I see is that multiuser simply provides no
> facility to protect Bob from Jill. Jill downloads an application that has
> root privileges that changes 2 libraries. Those two libraries break ALL
> of Bob's applications built on the last release while Jill's applications
> are the latest release. This means any program Bob might use will be
> affected by Jill's install transaction.
> 
> So how to solve this problem "which is the much larger beef amongst
> home computer users"

Seriously? I believe earlier in this thread someone stated that multi-user 
isn't needed, since someone you share a computer with you trust anyway. While 
I wouldn't go so far, the fact is anyone with physical access to your desktop 
computer can get to your data. You can make it harder by encrypting your hard 
disk, but even that can be worked around with a hardware key logger.

So 1. Please let's keep a realistic perspective and 2. don't pretend your 
solution is any more secure in the environment we're targeting than the 
traditional "main frame" multi-user implementations you're raging against. 
Ironically virtualization solutions are actually more suitable to servers, as 
they allow keeping different services insulated from each other (cf. the 
Haiku project's server installation).

> is that giving each user his/her own area of data
> on the drive, sandboxed from everyone else, but also having a shared
> data area. Honestly this could easily be leveraged by the existing boot
> loader very simply, if the drive manager application had some more
> functionality. You could control each drive's access from a simple run
> time loader that is used for multi boot now.

I'm familiar with the terms you're using, but admittedly have no clue what 
you're talking about. From your previous mail it sounded like you'd have a 
host operating system that runs on real hardware and allows running a 
virtualized per-user operating system.

> I'd advise anyone who may have missed this enlightening read to give
> it a look, because it points out the fallacy of multiuser system
> protection and how basically the emperor has no clothes in this
> security model.
> 
>   http://www.geekzone.co.nz/foobar/6229
> 
> 
> The best forms of security that are truly useful require hardware
> keys and encryption; these are hackable too. It makes a compelling
> argument however to leverage some form of disk encryption to make safe
> sensitive personal information.
> 
> Remember, while most viruses are just hackers being idiots, the
> criminals after my personal data are of much more concern. Secure the data.

Apparently you need to reread the article you refer to. Its main points are: 
1. Linux (any system, really) can be compromised by leveraging user 
ignorance, though the system can make it a bit more complicated (e.g. by 
adding hurdles for executing email-attached/downloaded files). 2. Pwning 
root/the system is overrated, since all the interesting damage can already be 
done with the user account. This applies to your virtualization solution just 
the same, so I have no clue why you brought it up (other than to increase the 
length of your mail).

In short: The only advantage of a virtualization solution is very strong 
insulation of the users from each other, which, I believe, is irrelevant in 
the targeted use cases. Other than that it's just more complicated (requiring 
a host OS) and adding overhead due to the virtualization.

CU, Ingo
