daveb@geac.UUCP (Brown) (09/28/87)
In article <893@mcgill-vision.UUCP> mouse@mcgill-vision.UUCP (der Mouse) writes: >In article <2117@eecae.UUCP>, lawitzke@eecae.UUCP (John Lawitzke) writes: >>> Minix is v7 - (things you didn't know about, and don't want even if >>> you did), the GNU kernel should be 4.3BSD + (things) - (security features). >> The GNU kermel should be 4.3BSD + (things) + (security features) > >> What security features don't you want? >In general, anything which serves no purpose but security. May I rephrase you to "minus @#%!$$!?&*! security features"? I'm a security-oriented type, but agree that the security "systems" provided by most OS designers are horrible. They get in the way of doing usefull work, they restrict necessary administration, they produce tons of audit reports, etc. On the other hand, I *have* used systems which run at a high level of security and don't get in the way at all. The one I'm thinking of even keeps my boss from reading my mailbox (no small thing, even in a system which meets the "orange book"). The important things about security are: 1) its pervasive (you can't get around it) 2) its transparent (you don't need to get around it) The latter is **HARD**. Failing to acheive it produces "@#%!$$!?&*!" security features, which I formally denigrate. GNUvians, feel free to improve security if you care to, but provide means to make it transparent and, if necessary, hooks to disable it. --dave -- David Collier-Brown. {mnetor|yetti|utgpu}!geac!daveb Geac Computers International Inc., | Computer Science loses its 350 Steelcase Road,Markham, Ontario, | memory (if not its mind) CANADA, L3R 1B3 (416) 475-0525 x3279 | every 6 months.
elg@usl (Eric Lee Green) (10/11/87)
in article <1494@geac.UUCP>, daveb@geac.UUCP (Brown) says: > Xref: usl-pc comp.arch:752 comp.unix.wizards:1316 comp.os.misc:156 > In article <893@mcgill-vision.UUCP> mouse@mcgill-vision.UUCP (der Mouse) writes: >>In article <2117@eecae.UUCP>, lawitzke@eecae.UUCP (John Lawitzke) writes: >>>> Minix is v7 - (things you didn't know about, and don't want even if >>>> you did), the GNU kernel should be 4.3BSD + (things) - (security features). > May I rephrase you to "minus @#%!$$!?&*! security features"? > > The important things about security are: > 1) its pervasive (you can't get around it) > 2) its transparent (you don't need to get around it) RMS has come up with a sure-fired way of doing BOTH of those in the GNU Kernel. Specifically, 1) If there is NO security, then there is nothing to get around, and, 2) If there is NO security, then there is DEFINITELY no need to get around it. Remember, RMS's background is not commercial high-security data processing, but, rather, academia, research, and program development, where security is actually an IMPEDIMENT to productivity, because it impairs the sharing of code, algorithms, test data, and other things of that sort. In his view, at least as expressed in various books and articles that included interviews with him, security features are unnecessary and are a Definite Evil for various reasons also mentioned in the GNU Manifesto (needless to say, Multics would not be his favorite OS :-). Call him a Utopian if you will, for believing in the Better Nature of Man. But hey, since he's doing it for free, and providing complete source, you can do whatever the heck you want to once you get the stuff, including, of course, adding your own security features to it. -- Eric Green elg@usl.CSNET from BEYOND nowhere: {ihnp4,cbosgd}!killer!elg, P.O. Box 92191, Lafayette, LA 70509 {ut-sally,killer}!usl!elg "there's someone in my head, but it's not me..."
chuck@amdahl.amdahl.com (Charles Simmons) (10/14/87)
In article <287@usl> elg@usl (Eric Lee Green) writes: >Remember, RMS's background is not commercial high-security data >processing, but, rather, academia, research, and program development, >where security is actually an IMPEDIMENT to productivity, because it >impairs the sharing of code, algorithms, test data, and other things >of that sort. In his view, at least as expressed in various books and >articles that included interviews with him, security features are >unnecessary and are a Definite Evil for various reasons also mentioned >in the GNU Manifesto (needless to say, Multics would not be his >favorite OS :-). > >Call him a Utopian if you will, for believing in the Better Nature of >Man. But hey, since he's doing it for free, and providing complete >source, you can do whatever the heck you want to once you get the >stuff, including, of course, adding your own security features to it. > >Eric Green elg@usl.CSNET from BEYOND nowhere: >{ihnp4,cbosgd}!killer!elg, P.O. Box 92191, Lafayette, LA 70509 >{ut-sally,killer}!usl!elg "there's someone in my head, but it's not me..." Arguing philosophy here... I always take the view that people won't intentionally trash the system (in particular, my files). I also could care less about security in environments like the NSA and CIA. But I do appreciate security features. In particular, I like the ability to read source code using a text editor, while knowing that I won't unintentionally trash it by accidentally modifying the file and writing out the result. --. Ma
ron@topaz.rutgers.edu (Ron Natalie) (10/14/87)
There is a difference between security and protection. I hope there is no doubt that simple write protection and things like that are needed. These things are necessary to keep fun loving and benign users from accidentally blowing themselves or others away. For instance, it is not fun to have everyones memory space shared among every one else such that when one person's program goes bonkers it scribbles over everyone else's memory.
greg@ncr-sd.SanDiego.NCR.COM (Greg Noel) (10/15/87)
In article <287@usl> elg@usl (Eric Lee Green) writes: ... [discussion of lack of security features in GNU] ... >Call him a Utopian if you will, for believing in the Better Nature of >Man. But hey, since he's doing it for free, and providing complete >source, you can do whatever the heck you want to once you get the >stuff, including, of course, adding your own security features to it. Unfortunately, the reason that security features get such a bad rap is that they usually \are/ add-ons. If you have to do this, the security aspects will neither be transparent nor cheap. If security is designed in from the beginning, you can do things to minimize or eliminate the performance impact while making it as unobtrusive as possible. Besides, it's easier to lower security barriers on a case-by-case basis as the need arises than to run around frantically trying to plug holes caused by an initial bad design. (I've done both; believe me, it's true.) I had hopes that the GNU project would be of great value by providing an alternative to the commercial products. It bothered me that the initial products were so prolifigate with memory (thereby moving themselves out of the market that has been the most supportive of them), but this issue kills it for me. Security is not an add-on. -- -- Greg Noel, NCR Rancho Bernardo Greg.Noel@SanDiego.NCR.COM
daveb@geac.UUCP (10/18/87)
In article <1828@ncr-sd.SanDiego.NCR.COM> greg@ncr-sd.SanDiego.NCR.COM (Greg Noel) writes: >Unfortunately, the reason that security features get such a bad rap is >that they usually \are/ add-ons. If you have to do this, the security >aspects will neither be transparent nor cheap. If security is designed >in from the beginning, you can do things to minimize or eliminate the >performance impact while making it as unobtrusive as possible. Being paranoid for a profession, I actually do want security features in GNU. But I respect and admire RMS's dislike for them, and would be quite happy if he just put in hooks. I use a machine that isn't even C2 secure every day. Happily. When I want something secure, I keep it elsewhere, on a machine I can treat as if it were A1 secure, since I control access to it utterly. Happy hacking, RMS! Do what you think you should. --dave -- David Collier-Brown. {mnetor|yetti|utgpu}!geac!daveb Geac Computers International Inc., | Computer Science loses its 350 Steelcase Road,Markham, Ontario, | memory (if not its mind) CANADA, L3R 1B3 (416) 475-0525 x3279 | every 6 months.