Archive of UserLand's first discussion group, started October 5, 1998.

Re: Walking around amsterdam

Author:Paul Snively
Posted:5/17/2000; 11:30:16 AM
Topic:Walking around amsterdam
Msg #:17367 (In response to 17361)
Prev/Next:17366 / 17368

Michael Grinder: In the terms of this particular discussion, security is only as good as its default settings. Eros may have the best security available, but if one is not careful about permissions, etc., then the best possible security won't help.

My point was precisely that with a proper security model, this isn't true at all. My assumption in making this statement is that when you talk about "permissions, etc." you're talking about traditional notions of "users," "groups," and "privileges" as conceived of in Access Control Lists and implemented in UNIX, Windows, Apache, etc. If my assumption about your assumption is correct, then of course your assertion is correct.

But EROS doesn't use any such notions--in particular, it has no built-in notion of "user" and no built-in notion of "file." These observations, coupled with EROS' capability-based security model, make an entire class of security holes impossible for EROS to have. In particular, the apache.org hack that led to this discussion would have been impossible to mount successfully against EROS.

Michael: (Correct me if I'm wrong, but, as far as I know, Eros is just barely bootable, so it can't be used for anything practical at this point.)

I don't think EROS has especially broad hardware coverage at this point, but on the hardware that it does support, it boots fine. I think the issue you're likely driving at is that EROS is not yet self-hosting, i.e. it doesn't yet support its own development tool-chain. This is accurate, and so serious EROS developers currently really have to have two machines, one running Linux/FreeBSD to host the development tools, the other to run/test EROS software on.

The much larger issue, I'm sure, is that even when you boot EROS it feels totally alien because it makes very few concessions to the broken world. Eventually it will have a POSIX-compatible emulation environment and that will help people feel comfortable at first, but in the end, there's no escape: real software security requires that people abandon a broken security model that has been the dominant security model in computing for about 40 years. I'll be the first person to admit that this is asking a lot of people. But I think recent history shows that the bullet needs biting.
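The contrast Paul draws above, ambient authority checked against a "user" versus capabilities that carry their own authority, as an added toy example in Python that is not from the post or from EROS itself (the file paths, the `www` identity, the contents and the `*_log_viewer` components are all constructed); it also goes a step past the post by showing two things a capability model gives for free, attenuation and revocation:

```python
from dataclasses import dataclass

# --- ACL world: a global namespace plus a per-identity permission table -------
FILES = {"/var/log/app.log": "GET / 200\n", "/etc/secret": "hunter2"}  # constructed
ACL = {"www": {"/var/log/app.log", "/etc/secret"}}                      # constructed

def acl_open(user: str, path: str) -> str:
    """Every open is a name lookup, checked against who the caller runs as."""
    if path not in ACL.get(user, set()):
        raise PermissionError(path)
    return FILES[path]

def acl_log_viewer(user: str, path: str) -> str:
    # The viewer only needs app.log, but it runs as 'www' and can name anything
    # 'www' may read; a flaw that lets the path be influenced reaches /etc/secret.
    return acl_open(user, path)

# --- Capability world: no global namespace; holding the reference is the right ---
@dataclass(frozen=True)
class ReadCap:
    _content: str
    def read(self) -> str:
        return self._content

@dataclass(frozen=True)
class WriteCap(ReadCap):
    def attenuate(self) -> ReadCap:
        """Derive a weaker capability (read only) to hand to a component."""
        return ReadCap(self._content)

class RevocableCap:
    """Forwarder: the grantor can cut the holder off later without touching the target."""
    def __init__(self, target: ReadCap):
        self._target = target
    def read(self) -> str:
        if self._target is None:
            raise PermissionError("capability revoked")
        return self._target.read()
    def revoke(self) -> None:
        self._target = None

def cap_log_viewer(log: ReadCap) -> str:
    # No identity and no path string to look up: the viewer can only read the
    # object it was handed, so nothing here could ever name /etc/secret.
    return log.read()

def can_read(cap) -> bool:
    """True while the capability still grants a read (observes revocation)."""
    try:
        return cap.read() is not None
    except PermissionError:
        return False
```

In the ACL world the viewer's reach is everything its identity may touch; in the capability world it is exactly the one reference it was given, which can be weakened before handing it over and withdrawn afterwards.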
This page was archived on 6/13/2001; 4:55:13 PM.

© Copyright 1998-2001 UserLand Software, Inc.