View Single Post
Old 01 August 2015, 12:31   #138
Registered User
kolla's Avatar
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 433
Originally Posted by meynaf View Post
Well, let's admit i connect some Amiga and you hack it. What would you do exactly ? Even if I don't close ports in MiamiDx, you will NOT pass.
Well, I could steal your data, keyfiles and whatever else you got that may be of interest.

And should you pass nevertheless, you'd be ejected (by me) as quickly as you entered ! If you can enter - which i seriously doubt - you can not do anything unnoticed.
Oh yeah? Also when you are using torrent software, with random disk access and network connections anyways? Also when snatching keyfiles that are so tiny that there is hardly any activity? Also when some weirdo on IRC is busy trolling you intensly?

... IF you let anything run.
But, boy, if you let anything from a remote source run, your entire system may be owned within seconds... regardless of the machine you use.
Really. Do you browse web much? Javascript? And again, that darn tcp: device, that lets amigaos execute scripts from tcp:host/port, all you need is an exploit of some sort, any sort.

... and for me it can also be un-owned within seconds. I disconnect, or even perform ctrl-A-A. Then you lose all control.
Yeah, but maybe I added something funny to your datatypes, to your devs:monitors, to your wbstartup, your SetPatch... or just about anywhere, anything is up for grabs on AmigaOS, unlike on systems with proper security models, sandboxing etc that memory protection makes possible.

Nah, this is reversing the charge of the proof. I don't see any attack done without memory protection, that can not also be done with it.
Allright then, presume I give you remote login to my Linux box, how will you steal my files, fuck up my setup, and hose up the operating system? Hang around waiting for a 0day local root exploit?

Remember that all the zombie peecees sending spam all have memory protection. A good firewall does a lot more than memory protection ever did.
Remember that all those spam senders are located behind firewalls too.

Anyway as I said earlier, it's pointless to have "security" when you have no risk of being attacked ! We're in a market niche, remember.
Security through obscurity? Is that your business model?

My point of view on memory protection is that it should be an OPTION. What's wrong in that ???
It complicates the OS. It presents users to strange choices. Some software may only work with, other software without - what if you want to run both? How do you intend to implement the option anyways? Are you the kind of person who only run as Administrator user on Windows, or only as uid 0 user on *ix? Exactly what is it about memory protection that you are against?
kolla is offline  
Page generated in 0.05669 seconds with 9 queries