From: Barry Margolin on
In article <2010011820313816807-tfb(a)cleycom>,
Tim Bradshaw <tfb(a)cley.com> wrote:

> On 2010-01-18 17:31:00 +0000, Tamas K Papp <tkpapp(a)gmail.com> said:
>
> > I also recall reading that it had no user separation or privilege
> > containment. Is that true? I know that this was before the internet
> > became ubiquitous, but is this a good security model? If not, could
> > one remedy this (in principle) and still have something similar to a
> > Lisp machine?
>
> Yes, everything was in a single address space and anyone could do
> anything. No, it wasn't a good security model - it wasn't really a
> security model at all. Things were made much better by bounds & type
> checking of course. I guess they were a bit like what JavaScript
> environments look like now that way.

Even worse than JavaScript, which mostly tries to keep each page
separate (there are some openings, which is one of the causes of
cross-site scripting problems). Lisp Machines made no attempt at any
separation; it was not much different from any other personal computer
of the era.

As you said, bounds and type checking prevent inadvertent security
problems, but if an application calls EVAL on data read from the
network, it's totally vulnerable. We actually had an EVAL-server
running on the machines at our company, but I think it was only
listening on a CHAOSnet socket, not TCP/IP, so it wasn't accessible from
outside our network (and if we did run it over TCP/IP, our corporate
firewall wouldn't have had that port open).

>
> I think you could do better without going to complete separation.
>
> >
> > I think that managing software components is an orthogonal issue.
> > Lispers have full control over ASDF and its ilk, and we didn't do such
> > a great job with those. Did the Lisp Machine have a framework for
> > managing software updates (think Debian or similar), or was it so cozy
> > because the issue didn't arise?
>
> They had patches and a mechanism for managing them. I don't think
> there was any automated update-getting thing (but this is pretty recent
> actually - Debian may have been the first sorted out example of it).

They sent patches on tapes, and later, CDs.

--
Barry Margolin, barmar(a)alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
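
The EVAL-on-network-data risk discussed in the post above, as an added example that is not part of any poster's message: an unsafe handler beside one that reads the request as data with `*read-eval*` disabled and dispatches through an allowlist. All function and variable names and the sample requests are assumptions made for illustration.

```lisp
;;; Added example. HANDLE-REQUEST, READ-UNTRUSTED and *ALLOWED-OPS* are
;;; hypothetical names; the request strings at the end are constructed.

(defparameter *allowed-ops*
  (list (cons "ADD" (lambda (args) (reduce #'+ args)))
        (cons "MAX" (lambda (args) (reduce #'max args))))
  "Allowlist: operation name -> handler taking a non-empty list of reals.")

;; The pattern the post warns about: the peer decides what code runs.
(defun handle-request-unsafe (line)
  (eval (read-from-string line)))

(defun read-untrusted (line)
  "Parse one form from LINE as data only; nothing is evaluated."
  (let ((scratch (make-package (gensym "UNTRUSTED") :use nil)))
    (unwind-protect
         (with-standard-io-syntax
           (let ((*read-eval* nil)     ; #.(...) now signals a READER-ERROR
                 (*package* scratch))  ; unqualified symbols land in a throwaway package
             (values (read-from-string line))))
      (delete-package scratch))))

(defun handle-request (line)
  "Return (values RESULT T) for an allowlisted request, else (values NIL NIL)."
  (let* ((form (handler-case (read-untrusted line)
                 (error () nil)))      ; malformed input is refused, not fatal
         (op (and (consp form)
                  (symbolp (car form))
                  (cdr (assoc (symbol-name (car form)) *allowed-ops*
                              :test #'string=))))
         (args (and (consp form) (cdr form)))
         ;; LIST-LENGTH is NIL for circular lists and errors on dotted ones.
         (n (ignore-errors (list-length args))))
    (if (and op n (plusp n) (every #'realp args))
        (values (funcall op args) t)
        (values nil nil))))

;; Constructed requests:
(handle-request "(add 1 2 3)")        ; allowlisted operation, numeric arguments
(handle-request "(shutdown-server)")  ; well-formed, but not on the allowlist
(handle-request "#.(+ 1 2)")          ; read-time evaluation is refused
```
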
From: Antony on
Tamas K Papp wrote:
>
> I also recall reading that it had no user separation or privilege
> containment. Is that true? I know that this was before the internet
> became ubiquitous, but is this a good security model?
I have no idea about lispMs other than the tidbits I read here.

But your sentence above seems just weird.

If it had no user separation, it wasn't a good security model for what?
People used MS-DOS just fine.

What does the internet have to do with this? In fact with the internet (if
we are to talk about people using any of the stuff from amazon, google
etc, that is www applications) we have more machines requiring less
multi user security (of course I am simplifying). The user uses his PC
all by himself, the server(s) runs in a secluded environment one app,
under a user account that has nothing to do with the gazillion users
connecting and utilizing it from the browsers. For webservers I don't
think it is essential to have classic 'OS users' management.
On the client side I don't think iPhone, netbooks need lots of the user
isolation stuff.
I know people might run apache as one user and mysql as another,
personally I think it means little in a controlled webserver farm
environment.
Classic multi user setup is pretty much obsolete these days. Even in
corporate setting you use some Oracle app that services a few corporate
users that may have no OS level user identity on that Oracle app server.

On the other hand we heavily use the quick user switch feature on
Windows at home :)

-Antony
From: Tamas K Papp on
On Tue, 19 Jan 2010 03:03:18 -0800, Antony wrote:

> Tamas K Papp wrote:
>>
>> I also recall reading that it had no user separation or privilege
>> containment. Is that true? I know that this was before the internet
>> became ubiquitous, but is this a good security model?
> I have no idea about lispMs other than the tidbits I read here.
>
> But your sentence above seems just weird.
>
> If it had no user separation, it wasn't a good security model for what?
> People used MS-DOS just fine.

People who used MS-DOS usually had no alternative (in that price range),
so it is hard to say if they were satisfied with it. By the same token,
you could also say that in the Middle Ages, people died in the bubonic
plague just fine.

> What does the internet have to do with this? In fact with the internet (if

The internet just leads to a higher chance of having someone else's
application run on your computer. Imagine having desktop Lisp machines
today, with x86-like speed but the same security model. Would you browse
the web on that?

> Classic multi user setup is pretty much obsolete these days. Even in

$ ps -eo euser | sort | uniq
avahi
daemon
dictd
haldaemon
messagebus
postfix
root
syslog
tpapp

Sorry, you were saying?

Tamas
From: Frode V. Fjeld on
Tamas K Papp <tkpapp(a)gmail.com> writes:

> The internet just leads to a higher chance of having someone else's
> application run on your computer. Imagine having desktop Lisp
> machines today, with x86-like speed but the same security model.
> Would you browse the web on that?

I don't get it. Are you saying you feel safe about firing up any
executable file you find floating around the internet because the unix
(etc) security model is going to protect you? I believe the current
"best practice" implies that all bets are off once you do that, unless
you very painstakingly set up a sandbox.

What unix has is the ability to have multiple security domains on a
single system, which was crucial back in the eighties or so. Now we have
Personal Computers. Plural.

--
Frode V. Fjeld
From: Frode V. Fjeld on

> On Mon, 18 Jan 2010 09:20:08 -0800, Scott Burson wrote:

>> Contrast what you have to do nowadays: track down the source, maybe
>> puzzle over the configure options, make sure you have the right
>> versions of dependent components, build the thing with debugging
>> enabled, fire it

Tamas K Papp <tkpapp(a)gmail.com> writes:

> I think that managing software components is an orthogonal issue.
> Lispers have full control over ASDF and its ilk, and we didn't do such
> a great job with those. Did the Lisp Machine have a framework for
> managing software updates (think Debian or similar), or was it so cozy
> because the issue didn't arise?

But there are two separate issues there: One is working with the system
you already have up and running: Understanding what goes wrong and
having the ability to fix it. This is what the lispms did well and the
others don't.

The other issue is something like software lifetime maintenance: keeping
track of versions and keeping your system synchronized and consistent as
they are being developed community-wide. Avoiding "DLL Hell". I don't
think lispms or lisp in general shines at all in this regard.

I think this latter issue is a quite interesting problem though, and in
particular in the context of "permanently-on" systems: How do you keep
multiple versions of the "same" function around in the same image? What
are the appropriate protocols for upgrading some library in a system
without disrupting its service? Etc.

--
Frode V. Fjeld