You would think by now I would be able to let these things go by, but ...
Just to keep the players straight (if I got the nesting right)...
> = > jminie @
> = > >We're aware of how insecure UNIX is natively. ...
> Joseph S. D. Yao wrote:
> = Let's clarify this. Unix is an operating system that allows you
> = great latitude in how you set it up. It is neither secure nor
> = insecure "natively" (whatever that means).
> absolutely; agreed!
[lots of SNIPs]
> UNIX has been expanded with the same conceptual visions
> (other than commercial companies who listened to their marketing
> sleaze trying to be unique and are mostly history) by generations
> of practitioners who *understand* the unix kernel and concepts.
... and who did not or were not able to invest the resources necessary to
maintain good software engineering practices - for whatever reasons.
> = It can be set up as Ken and Dennis
> = did initially, in a "friendly" environment, so that everybody can do
> = anything. In these days, probably a very very bad idea. It can also
> = be set up quite tightly, so that it's about as secure as any
> = operating system NOT SPECIFICALLY DESIGNED FOR HIGH-LEVEL SECURITY
> = can get.
Well, maybe agreed, but not necessarily. We must be very careful to
distinguish between the implementation and the concepts. There are a few
VERY ugly, very difficult to secure and interoperate with APIs such as
chmod(2), user identification, etc. Otherwise, it is the implementation
that is "NOT SPECIFICALLY DESIGNED FOR HIGH-LEVEL SECURITY."
> and flavours of UNIX with restricted functions and trust are
> _very_secure_ when properly installed. We have almost 30 years
This is a gratuitous statement. It depends upon what you mean by "secure."
If you mean that you know it works properly to enforce the Unix policy,
then I would not agree with you.
> of finding the weak spots; and, an updated 20 year old 'routed'
> and 'gated' as a two machine master firewall is _very_ secure.
This was a joke, right?
> [PAY me enough money and I will show you HOW TO build a REAL
> secure system for CHEAP].
Too easy a target. I'll leave this one alone! :-)
> and, given enough background, you quickly understand WHY there
> is no perfect software, no perfect operating system [except in Bill
> Gates' dreams], and _no_ secure kernel in a multi-user,
> multi-tasking, multi-machine environment if the user(s) expect
> access other than by batched punch cards, &c.
That's a rather bold statement. See comment below.
> in other words, "security" and "friendly" are diametrically
> opposed: the more you improved the client space for friendly
> access and sharing of information on a single machine or on a
> network, the less the security.
> A "perfectly" secure machine is therefore "perfectly"
This does not follow. I would argue that your assumptions could use some
close examination. Why are "security" and "friendly" diametrically
opposed? In my mind, they march hand in hand! I frankly do not think that
an operating system that allows viruses into your system is very
"friendly!" You know, "with friends like that ...." (finish with your
A high assurance security system allows you to do everything you are
authorized to do, see everything you are authorized to see, without
getting in your way. And it does it all **correctly**! The big mistake
that most "experts" make is that they confuse features with assurance.
Security means that the OS *works*. It works as stated. If the
statement is that no unauthorized user gets past the front gate, then
everyone who should get past does get past and no one else does. Is
that unfriendly? Only to the bad guys. You can construct the rest of
the obvious statements.
Security got a bad rap when people were trying to figure out how things
worked. Now that we have a pretty good idea, we have come up with
alternate ways of solving REAL problems (like covert channels) in a manner
that does not reduce usability or get in your way.
If you want an excellent example, look at DG/UX R4.12 B2 Security Option.
There is still room to improve (we know how, but the execs expect you to -
you know - actually sell something sometime! :-), especially in the admin
area. But you build high assurance from the ground up, not from features
down. And a nice result from good software engineering is fewer bugs,
easier to maintain code, higher MTBF, etc.
> having been extensively involved during the 70s and 80s as a
> consultant to both Western Electric and Labs and taught college
> level courses on security, I, and others, have traveled
> through these same problems --and, remember, R, T, and K
> constructed unix _in their spare time_ --for a DEC 11/45 which
> was limited to 64K data and 64K program.
I'll remain humble here .... :-)
Jon F. Spencer spencerj @
Data General Corp. Phone : (919)248-6246
62 T.W. Alexander Dr, MS #119 FAX : (919)248-6108
Research Triangle Park, NC 27709 Office RTP 121/9
Reality is an illusion - perception is what counts.
No success can compensate for failure at home.
President David O. McKay
***** UCC 1-207 ********