Re: Your Opinion

[Jack Lloyd <lloyd () randombit net>]

On Fri, Mar 16, 2007 at 02:44:07PM -0600, Neil Dickey wrote:

> Even an absolutely secure operating environment ( OS +security programs )
> can be compromised by a user who is ignorant or malicious, or by third-
> party software which is poorly made.

Perhaps I'm misinterpreting your words, but I read this as a statement
that no operating system can be secure against local attackers. While
possibly true, I feel like it's a rather pessimistic view of the
situation. Though I do agree that most if not all commercially
available operating systems are in this state; I just don't that it is
intrinsic to the definition of an OS.

The state of commercial OS security has not been helped much by the
fact that most 'secure' OS designs were written to provide Orange
Book-style MLS (since historically that is where the money has been
for a secure OS design), which provides security features which are
for the most part useless outside of a military environment. The only
real exceptions that come to mind are the hardened Unix systems
(OpenBSD, grsec, etc) which are still stuck with a historical Unix
security model that gives local attackers (or negligent users) a lot
of rope to hang themselves and/or others. (There are of course
research systems that provide much better security models, but aren't
really usable as general purpose OSes).

-Jack