[openbeos] Re: Singleuser vs Multiuser

  • From: "Michael Phipps" <mphipps1@xxxxxxxxxxxxxxxx>
  • To: openbeos@xxxxxxxxxxxxx
  • Date: Tue, 11 Dec 2001 20:32:39 -0500

>
>>But you haven't answered the fundamental question.
>>Is this so that Mom and Dad and the kids can share a computer?
>>Or is this so 100 different people can all telnet into a machine and
>>be ABSOLUTLY SURE that no one can stomp anyone else?
>>
>>Those are 2 *MASSIVELY* different projects with different requirements.
>
>No, you don't need that level of security for multiple users.
>But if they are busy downloading viruses/trojan horses and
>love to accidentally mangle your system files, then you'd
>be really happy if you had the real security system.
>
>- Alex

Again, though, there is a huge difference between file system
security (which BeOS has, but is not usually used), desktop multi-user
(multiple home directories) and a hardened kernel.

Let's take an example. There are multiple ways, under BeOS to access 
memory that is not really yours. Look at clone_area. It is trivial to get
another application's memory space mapped into your data space.
Accelerants are another memory hole. Drivers, in a way, a third.

A hardened kernel would not allow these. There is a lot more attention
paid to security. One of the *BSD's actually does line by line security 
audits. It is my *personal* (not an official dictate) that this is way beyond
what we want to do with OBOS.

OTOH, something more like WinNT's login *is* a direction to head in.
One user per machine at a time, but multiple accounts on the machine.
Different users can have access to applications. Applications write data to
the home directory.





Other related posts: