On Thu, Oct 05, 2000 at 09:48:02AM -0500, Adam Maloney wrote:
> OpenBSD - designed to be the most secure operating system, they took
> the BSD code and did a complete audit for buffer overflows and other
> nasties

I was reading technical papers last night -- what else is a geek supposed to do with his "spare" time -- and ran across an interesting discussion. It was on the topic of security and the differences between the popular use of Access Control Lists and a Capabilities type system. [1]

In short, ACLs fail miserably in many situations and are subject to all sorts of back doors. Take this popular example, for instance. Your program receives input from a "read-only" file and exports its output to a "write" file. In order to access these files in UNIX or Windows, you must give the process (the program's instance) the same permissions to the file system that the user who launched the program possesses. In other words, the program has access to more objects than it actually needs. Wouldn't it be simpler to say, this program only needs permissions to the input file and the output file. (Notice the period and end-of-sentence designation.)

This type of limited permissions in ACL systems is attempted with chroot() gaols (or jails), where a process has its own identity and is put into a fake root directory. This is not a good solution, as it does not really fix the problem; it just isolates it so that when the security model breaks it can minimize the damage that can be done.

I brought up Eros because it is an OO-designed microkernel OS that takes "Capability" based security to heart at every level in its design. I'm really intrigued by Eros, much more so than by HURD. Partially because I don't want to deal with RMS's evangelism on the HURD mailing list/development circle, but also because I think Eros has a more solid design. Once I clean up my home workstation (*ugh... do you think the Linux kernel developers could take any longer to solidify 2.4?), I'll be making Eros my pet OS project -- effectively kicking out HURD as my "oooo...cool! I've got to try it" system.

REFERENCES
----------
[1] Capabilities Systems
    http://www.eros-os.org/papers/shap-thesis.ps or
    http://www.eros-os.org/design-notes/CapabilityPages.html and
    http://www.eros-os.org/design-notes/CapInvoke.html
[2] Eros OS Home Page
    http://www.eros-os.org

--
Chad "^chewie, gunnarr" Walstrom <chewie at wookimus.net>
http://wookimus.net/chewie
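An added example (not from the post or from the EROS project) of the "only the input file and the output file" idea on ordinary UNIX: the launcher opens the two files with exactly the rights needed and hands the worker descriptors rather than names, and the kernel refuses any operation a descriptor does not carry. The worker still keeps the user's ambient authority to open other files by path, which is the gap the post describes and a pure capability system closes; the file names and helper names are made up.

```python
import errno
import os
import shutil
import tempfile


def capability_filter(in_fd, out_fd):
    """Worker that names no files: it can only use the two descriptors it
    was handed, each carrying just the rights granted at open() time."""
    while True:
        chunk = os.read(in_fd, 4096)
        if not chunk:
            break
        os.write(out_fd, chunk.upper())


def rights_are_enforced(fd, op):
    """Return True if the kernel refuses `op` on `fd` with EBADF, i.e. the
    descriptor does not carry that right."""
    try:
        op(fd)
    except OSError as e:
        return e.errno == errno.EBADF
    return False


def run_demo():
    tmp = tempfile.mkdtemp()
    try:
        in_path = os.path.join(tmp, "input.txt")
        out_path = os.path.join(tmp, "output.txt")
        with open(in_path, "wb") as f:
            f.write(b"hello capabilities\n")  # constructed sample input
        # The launcher grants exactly two rights: read on the input file,
        # write on the output file. Nothing else is designated.
        in_fd = os.open(in_path, os.O_RDONLY)
        out_fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        try:
            capability_filter(in_fd, out_fd)
            no_write_on_ro = rights_are_enforced(in_fd, lambda fd: os.write(fd, b"x"))
            no_read_on_wo = rights_are_enforced(out_fd, lambda fd: os.read(fd, 1))
        finally:
            os.close(in_fd)
            os.close(out_fd)
        with open(out_path, "rb") as f:
            return f.read(), no_write_on_ro, no_read_on_wo
    finally:
        shutil.rmtree(tmp)
```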