
BLU Discuss list archive


samhain (System cracked, a story)

On Tue, 2003-05-27 at 15:33, Derek Martin wrote:
> If someone were to break into your system and steal your 7 years of
> financial records, they could easily use that information to steal
> your identity.  They could obtain loans and credit cards in your name,
> run them up, and default on the payments, leaving YOU with a real
> credit problem, and quite probably thousands of dollars and hundreds
> of hours worth of pain to clean up the mess.  This kind of crime is
> becoming increasingly common, according to an FBI agent I spoke with
> at a SANS conference.

On the one hand, I suspect that my credit card numbers and what-not are
in so many databases that regardless of what I do to protect my own
computer, somebody has already snarfed enough of my personal information
to steal my identity, and the only reason they haven't (to my knowledge)
done it yet is blind chance.

(Note to self: verify that our homeowner's insurance includes coverage
for identity theft....)

On the other hand, I am careful not to store account numbers in my
gnucash file.

> The Unix philosophy, to write software that does one thing and does it
> well, is inherently much better for security than the Microsoft
> philosophy, to write giant software behemoths that do everything under
> the sun.  The Unix philosophy makes it easier to track and fix bugs
> than the Microsoft philosophy.  Large, complicated software projects
> such as those for which Microsoft is prone to write almost guarantee
> complicated bugs that affect multiple components of such a system.
> Until THAT changes, I seriously doubt that you'll see Microsoft make
> any substantial gains on Free software in the realm of security.

The most interesting improvement on the Unix security model that I've
seen is capability-based security.  Instead of attaching ACLs to objects
and checking a process's user ID against the ACL before permitting
access, each object has a "capability" associated with it (note that
these are not the same as the "capabilities" that were recently added to
Linux), and the process has to present the appropriate capability before
getting access.

So, for example, a Web server could have capabilities to read and write
to port 80, and to write files in its logging directory, to execute
certain scripting languages, and to read files and scripts from certain
directories.  If the server needed to call a script, it could execute
the scripting language and hand over capabilities to read whatever
script was called for, to write to one specific log, and to read and
write to the HTTP connection that the server had opened up.  Even if
there were security holes or Trojan horses in the scripting language,
the script would be unable to touch any other part of the system.  (It
could not, for example, trap passwords that users typed into a Web form
and store them some place that an attacker could check later.)  If
someone called the same scripting language from the command line to
perform some other task, the language would get the capabilities it
needed to perform that task, but again, it couldn't touch any other part
of the system.

EROS, the Extremely Reliable Operating System, is an open-source
capability-based OS that has been under development for a number of
years.  (It started out as a Ph.D. dissertation.)  For a description of
the OS and some interesting stuff on capability-based security, see

"An RDBMS vendor's strategy for customer satisfaction is that you will
be their customer and they will be satisfied with how much money you
pay them."  --Philip Greenspun
// seth gordon // sethg at // //
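An added toy model of the hand-over described in the post above (example code, not from the original message and not EROS): the server holds broad authority, attenuates one of its capabilities, and passes the script only what it needs. The in-memory store, the `tcp:80` name, the paths and the request contents are all constructed for the example.

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Capability:
    """Unforgeable reference to ONE object plus a set of rights.  Holding it IS the
    authority: read()/write() never consult a uid or an ACL, unlike an ACL model."""
    _store: dict = field(repr=False)  # constructed in-memory stand-in for files/sockets
    name: str
    rights: frozenset

    def read(self) -> str:
        if "read" not in self.rights:
            raise PermissionError(f"no read right on {self.name}")
        return self._store[self.name]

    def write(self, data: str) -> None:
        if "write" not in self.rights:
            raise PermissionError(f"no write right on {self.name}")
        self._store[self.name] += data

    def attenuate(self, *rights: str) -> "Capability":
        # Derive a weaker capability: rights can only shrink, never grow.
        return Capability(self._store, self.name, self.rights & frozenset(rights))

def trojaned_script(script: Capability, log: Capability, conn: Capability) -> dict:
    """Backdoored interpreter: it can only name the three objects it was handed."""
    log.write("POST /login from " + conn.read() + "\n")   # allowed: write-only log
    conn.write("HTTP/1.0 200 OK\n")                        # allowed: rw on the socket
    attempts = {
        "read_log": lambda: log.read(),                    # write-only log: denied
        "tamper_script": lambda: script.write("evil"),     # read-only script: denied
        "escalate": lambda: log.attenuate("read").read(),  # cannot add rights: denied
    }
    def try_it(action):
        try:
            action()
            return "allowed"
        except PermissionError:
            return "denied"
    return {label: try_it(action) for label, action in attempts.items()}

def serve_request(store: dict) -> dict:
    """Constructed server with broad authority that hands the script only what the
    post describes: read its source, write one log, use the open HTTP connection."""
    port80 = Capability(store, "tcp:80", frozenset({"read", "write"}))
    log = Capability(store, "/var/log/httpd/access.log", frozenset({"read", "write"}))
    script = Capability(store, "/srv/www/cgi/login.py", frozenset({"read"}))
    return trojaned_script(script, log.attenuate("write"), port80)  # /etc/shadow: unnamed

SAMPLE = {"tcp:80": "user=bob&pw=hunter2", "/var/log/httpd/access.log": "",
          "/srv/www/cgi/login.py": "print('ok')", "/etc/shadow": "root:x:..."}
```

Python cannot truly hide `_store` from a determined caller; in a capability OS the kernel enforces that the only way to reach an object is through a capability you were given.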

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

