[openbeos] Re: status of OpenBeOS
- From: "Ingo Weinhold" <bonefish@xxxxxxxxxxxxxxx>
- To: openbeos@xxxxxxxxxxxxx
- Date: Sun, 04 May 2003 03:26:49 +0200 CEST
"Michael Phipps" <mphipps1@xxxxxxxxxxxxxxxx> wrote:
> >> Why would you choose to run a CVS repository on BeOS? Is it just
> > > so
> >> that you will not have multiple machines?
> >
> >Mmh, do you mean, I should buy another machine, just to run my CVS
> > on
> >it? CVS is not a real server task (unless you're planning to provide
> > it
> >for thousands of user, of course), it's just something like an FTP
> >server (or rather an ssh daemon), I'd like to be able to do with my
> >machine. While others may be interested in being able to have
> > multiple
> >users use their box, I don't care at all. If I have a machine, and
> > it
> >is always in the net, I want to also use it as a low-demand server,
> >e.g. for CVS to work on a non-open-source project together with
> > other
> >developers.
>
> CVS is, most of the time, a server task. :-)
> But I do see FTP, samba, ssh (for tunneling, CVS, etc) and other low
> usage servers
> as a "real" issue. The question is, how secure must we be?
As secure as possible, I'd say. If I trust a developer to work with me
together on a project, this doesn't mean, that I also trust him to read
my personal mails, my diary, company internals or something like that.
> In other words, would it be "acceptable" if, say, a remote user could
> pop up GUIs on the screen?
> Probably not. Would it be acceptable if one user could clone another
> user's areas? Probably not.
> Play a sound? No.
Exactly.
> So. The question then becomes how do we prevent all of that in the
> context of not changing the nature of the beast?
That's the question, right. And I wouldn't want to put it aside doing
it `the easy way' instead, without seriously analyzing the problem. I
don't say, I have solutions, I just say, what I'd like the OS to be
capable of.
> >Sure, we're all stupid enough to waste our time with cloning an OS
> >virtually noone knows. ;-)
>
> Speaking of which...
>
> >Well, this discussion is not entirely new. I remember vaguely
> > (though
> >just coming from a party being reasonably drunk ;-) that we had it
>
> What's this? No parties! Back to work! Don't make me lock you up with
> Axel in BGA's basement... ;-)
Er, well, yes, I'm really sorry. ;-)
> >before. Maybe the CVS/ssh example is not obvious enough, or maybe
> > I'm
> >just contorted by being able to just log into a fast machine (at the
> >university) and run a program. You simply can't do serious
> > networking
> >without true multiuser capabilities. Thus you disable the OS for
> >universities/schools and companies.
>
> Huh?
> I use my Win2K machine at work to telnet into a gazillion Solaris
> servers. I would call that serious networking. But there are no network
services on my W2K machine. :-) What you really do is draw a hard line
on what is a server and what is a workstation.
That's the point. As a client OS Windows and BeOS work well enough. But
I wouldn't want OBOS to end up like Windows, where you can relatively
easily get localsystem rights when having access to the machine as any
user.
> >And just be honest, if a user in a pseudo-multiuser environment is
> >seriously interested in data from other users, it should be rather
> >simple to get access to it. Maybe your a four year old kid can't do
> > it
> >or your grandmom, but there're virtually no barriers, if you don't
> >protect processes from each other.
>
> If you have a secure login system and real file protection, if there
> is no one else on the machine, I can't see how you can get to another
users data.
If you can clone arbitrary root processes' areas and happily send
messages to their ports, it shouldn't be too hard to gain superuser
rights and access anything you want.
CU, Ingo
Other related posts:
