From: Barry Margolin on 18 Jan 2010 15:52

In article <2010011820313816807-tfb(a)cleycom>,
Tim Bradshaw <tfb(a)cley.com> wrote:

> On 2010-01-18 17:31:00 +0000, Tamas K Papp <tkpapp(a)gmail.com> said:
>
> > I also recall reading that it had no user separation or privilege
> > containment. Is that true? I know that this was before the internet
> > became ubiquitous, but is this a good security model? If not, could
> > one remedy this (in principle) and still have something similar to a
> > Lisp machine?
>
> Yes, everything was in a single address space and anyone could do
> anything. No, it wasn't a good security model - it wasn't really a
> security model at all. Things were made much better by bounds & type
> checking of course. I guess they were a bit like what JavaScript
> environments look like now that way.

Even worse than JavaScript, which mostly tries to keep each page
separate (there are some openings, which is one of the causes of
cross-site scripting problems). Lisp Machines made no attempt at any
separation; it was not much different from any other personal computers
of the era.

As you said, bounds and type checking prevent inadvertent security
problems, but if an application calls EVAL on data read from the
network, it's totally vulnerable. We actually had an EVAL-server
running on the machines at our company, but I think it was only
listening on a CHAOSnet socket, not TCP/IP, so it wasn't accessible
from outside our network (and if we did run it over TCP/IP, our
corporate firewall wouldn't have had that port open).

>
> I think you could do better without going to complete separation.
>
> > I think that managing software components is an orthogonal issue.
> > Lispers have full control over ASDF and its ilk, and we didn't do such
> > a great job with those. Did the Lisp Machine have a framework for
> > managing software updates (think Debian or similar), or was it so cozy
> > because the issue didn't arise?
>
> They had patches and a mechanism for managing them. I don't think
> there was any automated update-getting thing (but this is pretty recent
> actually - Debian may have been the first sorted out example of it).

They sent patches on tapes, and later, CDs.

--
Barry Margolin, barmar(a)alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
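
The EVAL-on-network-data risk described in the post above, set next to a data-only reader with an allow-list. This is an added Common Lisp example, not part of any post in this thread; the function names, the two-operation allow-list and the sample requests are constructed for illustration.

```lisp
;;; Added example, not code from the thread. All names are hypothetical.

(defun handle-request-unsafe (stream)
  "The pattern from the post: the peer's form runs with the full
authority of the image (files, network, redefinition of any function)."
  (eval (read stream)))

(defparameter *allowed-ops*
  (list (cons "ADD" #'+)
        (cons "MAX" #'max))
  "Allow-list of operation names the server agrees to perform.")

(defun read-request (stream)
  "Read one form as data only. WITH-STANDARD-IO-SYNTAX resets the
readtable but binds *READ-EVAL* to T, so it is rebound to NIL inside."
  (with-standard-io-syntax
    (let ((*read-eval* nil))          ; #.(...) now signals READER-ERROR
      (read stream))))

(defun handle-request-restricted (stream)
  "Return the result of an allow-listed operation, or :REJECTED."
  (handler-case
      (let* ((form (read-request stream))
             (op (and (consp form)
                      (ignore-errors (list-length form)) ; proper, non-circular
                      (symbolp (first form))
                      (assoc (symbol-name (first form)) *allowed-ops*
                             :test #'string=)))
             (args (and op (rest form))))
        ;; Arguments are never evaluated: they must already be real numbers.
        (if (and args (every #'realp args))
            (apply (cdr op) args)
            :rejected))
    (error () :rejected)))            ; reader errors and EOF are refused too

;; Constructed sample requests:
(dolist (request '("(add 1 2 3)"                    ; allow-listed, numeric args
                   "(delete-file \"x\")"            ; operator not on the list
                   "(add #.(delete-file \"x\"))"))  ; read-time evaluation attempt
  (with-input-from-string (s request)
    (format t "~a -> ~s~%" request (handle-request-restricted s))))
```

READ still interns any symbols the peer sends, so a long-running listener would also want a limit on request size and a scratch package for reading.
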
From: Antony on 19 Jan 2010 06:03

Tamas K Papp wrote:
>
> I also recall reading that it had no user separation or privilege
> containment. Is that true? I know that this was before the internet
> became ubiquitous, but is this a good security model?

I have no idea about lispMs other than the tidbits I read here.

But your sentence above seems just weird.

If it had no user separation, it wasn't a good security model for what?
People used MS-DOS just fine.

What does internet have to do with this. In fact with the internet (if
we are to talk about people using any of the stuff from amazon, google
etc, that is www applications) we have more machines requiring less
multi user security (of course I am simplifying). The user uses his PC
all by himself, the server(s) runs in a secluded environment one app,
under a user account that has nothing to do with the gazillion users
connecting and utilizing it from the browsers.

For webservers I don't think it is essential to have classic 'OS users'
management. On the client side I don't think iphone, netbooks need lots
of the user isolation stuff.

I know people might run apache as one user and mysql as another;
personally I think it means little in a controlled webserver farm
environment.

Classic multi user setup is pretty much obsolete these days. Even in
corporate setting you use some oracle app that services a few corporate
users that may have no OS level user identity on that oracle app server.

On the other hand we heavily use the quick user switch feature on
windows at home :)

-Antony
From: Tamas K Papp on 19 Jan 2010 07:16

On Tue, 19 Jan 2010 03:03:18 -0800, Antony wrote:

> Tamas K Papp wrote:
>>
>> I also recall reading that it had no user separation or privilege
>> containment. Is that true? I know that this was before the internet
>> became ubiquitous, but is this a good security model?
> I have no idea about lispMs other than the tidbits I read here.
>
> But your sentence above seems just weird.
>
> If it had no user separation, it wasn't a good security model for what?
> People used MS-DOS just fine.

People who used MS-DOS usually had no alternative (in that price
range), so it is hard to say if they were satisfied with it. By the same
token, you could also say that in the Middle Ages, people died in the
bubonic plague just fine.

> What does internet have to do with this. In fact with the internet (if

The internet just leads to a higher chance of having someone else's
application run on your computer. Imagine having desktop Lisp
machines today, with x86-like speed but the same security model.
Would you browse the web on that?

> Classic multi user setup is pretty much obsolete these days. Even in

$ ps -eo euser | sort | uniq
avahi
daemon
dictd
haldaemon
messagebus
postfix
root
syslog
tpapp

Sorry, you were saying?

Tamas
From: Frode V. Fjeld on 19 Jan 2010 07:28

Tamas K Papp <tkpapp(a)gmail.com> writes:

> The internet just leads to a higher chance of having someone else's
> application run on your computer. Imagine having desktop Lisp
> machines today, with x86-like speed but the same security model.
> Would you browse the web on that?

I don't get it. Are you saying you feel safe about firing up any
executable file you find floating around the internet because the unix
(etc) security model is going to protect you? I believe the current
"best practice" implies that all bets are off once you do that, unless
you very painstakingly set up a sandbox.

What unix has is the ability to have multiple security domains on a
single system, which was crucial back in the eighties or so. Now we
have Personal Computers. Plural.

--
Frode V. Fjeld
From: Frode V. Fjeld on 19 Jan 2010 07:44

> On Mon, 18 Jan 2010 09:20:08 -0800, Scott Burson wrote:
>> Contrast what you have to do nowadays: track down the source, maybe
>> puzzle over the configure options, make sure you have the right
>> versions of dependent components, build the thing with debugging
>> enabled, fire it

Tamas K Papp <tkpapp(a)gmail.com> writes:

> I think that managing software components is an orthogonal issue.
> Lispers have full control over ASDF and its ilk, and we didn't do such
> a great job with those. Did the Lisp Machine have a framework for
> managing software updates (think Debian or similar), or was it so cozy
> because the issue didn't arise?

But there are two separate issues there: One is working with the system
you already have up and running: Understanding what goes wrong and
having the ability to fix it. This is what the lispms did well and the
others don't.

The other issue is something like software lifetime maintenance:
keeping track of versions and keeping your system synchronized and
consistent as they are being developed community-wide. Avoiding "DLL
Hell". I don't think lispms or lisp in general shines at all in this
regard.

I think this latter issue is a quite interesting problem though, and in
particular in the context of "permanently-on" systems: How do you keep
multiple versions of the "same" function around in the same image? What
are the appropriate protocols for upgrading some library in a system
without disrupting its service? Etc.

--
Frode V. Fjeld