English Amiga Board


Old 23 March 2015, 21:24   #21
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by Paul_s View Post
In principle a very good idea.

In reality - useless - most users just click 'Yes' and allow everything and anything to install. (it's only really good as a fail safe for people who know how to use a computer and accidentally download something bad).
"Problem Exists Between Chair And Keyboard"

of course this is why you shouldn't give people admin privileges if they don't know what they're doing...

Quote:
Originally Posted by Megol View Post
User space/kernel space is one kind of division. Allowing different processes (Unix term) accessing different things is another.
but it would just be the same thing with different terminology. The implementation details would be the same. Call them "modes" instead of "users" or whatever, "multi-user" doesn't require that the different accounts actually belong to different people. Of course that is an obvious and natural use of the technology.

Last edited by Mrs Beanbag; 23 March 2015 at 21:40.
Mrs Beanbag is offline  
Old 23 March 2015, 21:57   #22
Paul_s
needs more ice cream

Join Date: Nov 2006
Location: Amigaville
Age: 39
Posts: 3,162
Quote:
Originally Posted by Mrs Beanbag View Post
"Problem Exists Between Chair And Keyboard"

of course this is why you shouldn't give people admin privileges if they don't know what they're doing...


but it would just be the same thing with different terminology. The implementation details would be the same. Call them "modes" instead of "users" or whatever, "multi-user" doesn't require that the different accounts actually belong to different people. Of course that is an obvious and natural use of the technology.
if only it were that simple; sometimes it's not feasible to not give end users local admin rights due to trusted/aka 'crap/badly written' software requiring admin access to update itself

And then on top of that the 100+ phone calls asking you to install their 3rd party software when they can't do it because of restrictions.
Even giving them a separate 'local' admin account to do the above doesn't help as they don't understand the difference or what they're doing (even with full graphic instructions).

Paul_s is offline  
Old 23 March 2015, 22:16   #23
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by Paul_s View Post
if only it were that simple; sometimes it's not feasible to not give end users local admin rights due to trusted/aka 'crap/badly written' software requiring admin access to update itself
let me guess, you use Windows, right?

i do know what you mean. Windows never used to be a multi-user OS until relatively recently and still most people only have a single admin-level account to this day, what do i say...

Problem Exists Between Chair And Keyboard At Software Company
Mrs Beanbag is offline  
Old 23 March 2015, 22:27   #24
TCD
Registered User

Join Date: Sep 2006
Location: Germany
Age: 39
Posts: 24,032
Quote:
Originally Posted by Mrs Beanbag View Post
Windows never used to be a multi-user OS until relatively recently and still most people only have a single admin-level account to this day, what do i say...
I really wonder where you get your information from. Windows 3.11 has user accounts. Windows 95 has user accounts. I hope that is not what you call 'relatively recently'.
TCD is offline  
Old 23 March 2015, 22:49   #25
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by TCD View Post
I really wonder where you get your information from. Windows 3.11 has user accounts. Windows 95 has user accounts. I hope that is not what you call 'relatively recently'.
3.11 and 95 had user accounts but there were no access privileges so it wasn't really a multi-user OS in the sense that we are talking about here. They were really all just GUIs that ran on top of DOS!

Windows NT was multi-user from the start but the general home consumer had to wait until Windows XP.
Mrs Beanbag is offline  
Old 23 March 2015, 22:52   #26
TCD
Registered User

Join Date: Sep 2006
Location: Germany
Age: 39
Posts: 24,032
Windows NT was 1996 and XP 2001. A lot of users still use an admin account as their main account today. The problem sits in front of the PC, no matter which OS they use.
TCD is offline  
Old 23 March 2015, 22:59   #27
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by TCD View Post
Windows NT was 1996 and XP 2001.
NT 3.1 was 1993 but it was a Pro-grade/server OS, not for average joe at home.

Quote:
A lot of users still use an admin account as their main account today. The problem sits in front of the PC, no matter which OS they use.
True, and i already said it. Sadly sometimes that problem is sitting in front of the PC writing commercial software. I know because i've been fixing exactly this sort of thing over the last year or so. Developers who are only used to working with Windows often seem to assume this use model.
Mrs Beanbag is offline  
Old 23 March 2015, 23:11   #28
TCD
Registered User

Join Date: Sep 2006
Location: Germany
Age: 39
Posts: 24,032
But you agree that if a Linux user happens to be too lazy to type in the root password all the time and just uses the root account *and* would run across a software abusing this scenario the effects would be pretty much the same as an admin user on a Windows system running some malicious software?
TCD is offline  
Old 23 March 2015, 23:25   #29
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by TCD View Post
But you agree that if a Linux user happens to be too lazy to type in the root password all the time and just uses the root account *and* would run across a software abusing this scenario the effects would be pretty much the same as an admin user on a Windows system running some malicious software?
well. i guess so. although i don't know about other Linux distros but the Ubuntu family haven't actually had a root user you can log in as for quite some time, you use "sudo" instead. Although you *can* do "sudo -s" in a terminal.

Still... anyone who uses the root account on Linux for everyday computing (as opposed to occasional maintenance) is a fool who deserves what they get. Anyone who uses an account with admin privileges on Windows is... well... normal.
Mrs Beanbag is offline  
Old 23 March 2015, 23:31   #30
TCD
Registered User

Join Date: Sep 2006
Location: Germany
Age: 39
Posts: 24,032
Quote:
Originally Posted by Mrs Beanbag View Post
Still... anyone who uses the root account on Linux for everyday computing (as opposed to occasional maintenance) is a fool who deserves what they get. Anyone who uses an account with admin privileges on Windows is... well... normal.
I disagree, but then again I'm used to Windows NT since 1997. Using an admin account and installing software you have no clue about is asking for it. No matter which OS you use.
TCD is offline  
Old 23 March 2015, 23:46   #31
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by TCD View Post
I disagree, but then again I'm used to Windows NT since 1997. Using an admin account and installing software you have no clue about is asking for it. No matter which OS you use.
On Ubuntu you can give administrator privileges to any users you want, but programs you run from such an account don't run with administrator privileges, it just means you get a password prompt when you try to do certain things, so it will let you do them but you have to confirm. Or from a terminal you have to use sudo to do privileged things. So with an admin account you can do privileged things, but not easily by accident. So it is not the same as logging in as Root.

On Windows XP however, if you are logged in with an admin account it seems to be pretty much an open system, any program you run can make any changes at all. It is like the root account in old-style Linux/Unix and you really shouldn't use it. Of course i did, back in the day, before i knew any better.

Windows 7 and 8 seem somewhat better in this regard, they do at least let you know beforehand that something is about to make changes to your system. I don't remember XP doing that? Or maybe my memory isn't so good? But of course a lazy user will just click "yes" to everything. A password prompt i guess doesn't add much security if you are alone in your own house, but if you find some other admin account already logged in on a publicly-accessible PC you could maybe do some damage.

also the way you install software in Windows i always find a bit dodgy, there's no package management to speak of, you just download an executable and run it, you give it access and it could do anything for all you know, you've just got to trust it.
Mrs Beanbag is offline  
Old 24 March 2015, 00:06   #32
TCD
Registered User

Join Date: Sep 2006
Location: Germany
Age: 39
Posts: 24,032
Sorry, but I'm tired of discussing the topic. You like to see it your way and I agree that Unix/Linux does a better job at limiting the average user. You just make it seem that Windows doesn't have a proper way to deal with limited accounts 'until relatively recently' and I quite disagree with that statement. The thread is about Amiga OS' security though and I'll leave it to that now.
TCD is offline  
Old 24 March 2015, 00:24   #33
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
well. ok. i don't want it to turn into a complaining about Windows thread anyway. The point is it wasn't multi-user from the beginning, and usage habits formed.

but yes. Amiga security. Basically there isn't any. Any software can write anywhere to memory at any time, and anywhere to disk, and there is not a lot you can do to stop anyone without an MMU.

However i think there is scope for "some" level of security without an MMU. It could be possible to create a filesystem with privilege access levels. Of course it would always be possible to bypass it by writing to hardware registers directly but a casual user wouldn't be able, for instance, to randomly delete system files. We could even have user accounts, with each user only being able to access their own account.

As for what we could do with an MMU, well block all direct access to disk control registers for one thing! Or at least the hard drive ones, we could, perhaps, allow trackloaders to work as long as you boot from the disk, but block that as soon as workbench loads.

Then, if we really want to push the boat out, partition "kernel" space into a different memory map. Keep user-space all in one big memory map so user programs can still interact with each other, but at least they won't be able to screw the system up, and we'd be able to detect accesses to memory that wasn't reserved at all. We'd have to keep Chip RAM flat or everything would get a bit confusing.
Mrs Beanbag is offline  
Old 24 March 2015, 09:24   #34
kolla
Registered User
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 767
Quote:
Originally Posted by Megol View Post
User space/kernel space is one kind of division. Allowing different processes (Unix term) accessing different things is another.
But you seem to think this kind of division has anything to do with multi-user support. Multi-user support in itself is the support of several users, not anything to do with either protection _or_ security.

Do you agree with that? Otherwise this discussion can't lead anywhere.
Multi-user support, as in different "owners" of processes and whatever, is a consequence - it's just a semantic abstraction away from any kind of security model.

Quote:
I do, yes. Among those are capabilities.
So to what do you grant capabilities? To individual binaries? To some sort of an abstract entity, like a "user"?

Please name an operating system that is considered secure and yet has no concept of "users".
kolla is offline  
Old 24 March 2015, 11:01   #35
Megol
Registered User

Join Date: May 2014
Location: inside the emulator
Posts: 254
Quote:
Originally Posted by Mrs Beanbag View Post
but it would just be the same thing with different terminology. The implementation details would be the same. Call them "modes" instead of "users" or whatever, "multi-user" doesn't require that the different accounts actually belong to different people. Of course that is an obvious and natural use of the technology.
I'm trying to point out that multi-user support is orthogonal to protection and security. While individual user accounts can be used to track rights and resources it isn't the only (or IMHO best) way to do it.
Or in other words: the problem isn't the terminology, the problem is the semantics.

Quote:
Originally Posted by kolla View Post
Multi-user support, as in different "owners" of processes and whatever, is a consequence - it's just a semantic abstraction away from any kind of security model.
No for some forms of security models. Which is my point.

Quote:
So to what do you grant capabilities? To individual binaries? To some sort of an abstract entity, like a "user"?
What to grant capabilities? I'd call it a protection domain, it is a commonly used name for that. No, there is no need to link a user account to it.

Quote:
Please name an operating system that is considered secure and yet has no concept of "users".
That could be hard. Partially because multi-user support is useful on its own and a sufficiently sophisticated OS will implement it.

I'm just trying to point out that one doesn't _have_ to copy the Unix model to have protection and security, don't know why that is such an unpopular opinion...

Last edited by TCD; 24 March 2015 at 11:26. Reason: Back-to-back posts merged.
Megol is offline  
Old 24 March 2015, 17:50   #36
idrougge
Registered User
 
Join Date: Sep 2007
Location: Stockholm
Posts: 3,076
Quote:
Originally Posted by Mrs Beanbag View Post
It could be possible to create a filesystem with privilege access levels. Of course it would always be possible to bypass it by writing to hardware registers directly but a casual user wouldn't be able, for instance, to randomly delete system files.
Code:
Protect SYS:#? SUB D
idrougge is offline  
Old 24 March 2015, 21:11   #37
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by idrougge View Post
Code:
Protect SYS:#? SUB D
that's a good example of the idea, but this on its own won't give you any useful protection. It would prevent you from little accidents, perhaps, but...
1. it prevents ALL users equally, so it would also prevent legitimate filesystem writes to protected files, by processes that you might want to have privileged access.
2. it wouldn't actually prevent malicious software from doing anything, since there is nothing to stop anyone simply doing a "Protect ADD D".

Nevertheless it demonstrates that the filesystem can have some measure of security, as long as malicious code doesn't go so far as to bang the hardware to access the hard drive.

There is also the "lock" command which you can use to completely write-protect an entire volume.
Mrs Beanbag is offline  
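
The two objections in post #37, as an added example: a Python toy model written for this page, not AmigaDOS code and not any poster's. The `Volume` class, the `owner_check` switch (a stand-in for the per-user filesystem idea raised earlier in the thread), the caller names and the sample file name are all constructed assumptions.

```python
"""Toy model of AmigaDOS-style protection bits (constructed example)."""

# Bit positions of the low four protection flags. In AmigaDOS these four
# (R, W, E, D) are stored inverted: a set bit means the action is DENIED.
FLAG_BITS = {"D": 0, "E": 1, "W": 2, "R": 3}


class ProtectionError(Exception):
    pass


class Volume:
    """Files carry a protection word. With owner_check=False nothing records
    who is asking; owner_check=True is the hypothetical per-user variant."""

    def __init__(self, owner_check=False):
        self.owner_check = owner_check
        self.files = {}  # name -> {"prot": int, "owner": str}

    def create(self, name, owner):
        self.files[name] = {"prot": 0, "owner": owner}  # 0 = RWED all allowed

    def protect(self, caller, name, flags, mode):
        """Model of `Protect <name> <flags> ADD|SUB`."""
        entry = self.files[name]
        if self.owner_check and caller != entry["owner"]:
            raise ProtectionError(f"{caller} may not change bits on {name}")
        for flag in flags:
            bit = 1 << FLAG_BITS[flag]
            if mode == "SUB":
                entry["prot"] |= bit     # remove the permission (deny)
            else:
                entry["prot"] &= ~bit    # restore the permission (allow)

    def delete(self, caller, name):
        # `caller` is deliberately ignored: the bit applies to everyone.
        if self.files[name]["prot"] & (1 << FLAG_BITS["D"]):
            raise ProtectionError(f"{name} is protected from deletion")
        del self.files[name]


def try_delete(vol, caller, name):
    try:
        vol.delete(caller, name)
        return True
    except ProtectionError:
        return False


def scenario(owner_check):
    name = "SYS:C/Dir"  # constructed sample file
    vol = Volume(owner_check)
    vol.create(name, owner="system")
    vol.protect("system", name, "D", "SUB")
    results = {}
    # Point 1: the bit blocks the legitimate system process like anyone else.
    results["system_blocked"] = not try_delete(vol, "system", name)
    # Point 2: untrusted code restores D itself, then deletes the file.
    try:
        vol.protect("untrusted", name, "D", "ADD")
    except ProtectionError:
        pass
    results["untrusted_deleted"] = try_delete(vol, "untrusted", name)
    return results


if __name__ == "__main__":
    print("bits only:     ", scenario(owner_check=False))
    print("owner-checked: ", scenario(owner_check=True))
```

The owner check only holds while every access goes through the filesystem code that enforces it, which is the limit the thread keeps returning to for a machine without memory protection.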
Old 25 March 2015, 17:42   #38
kolla
Registered User
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 767
Well, you can also use a MUFS capable filesystem and enjoy more levels of "protection", but it is kinda moot as long as all memory is wide open for any software.
kolla is offline  
Old 25 March 2015, 18:17   #39
idrougge
Registered User
 
Join Date: Sep 2007
Location: Stockholm
Posts: 3,076
Quote:
Originally Posted by Mrs Beanbag View Post
that's a good example of the idea, but this on its own won't give you any useful protection. It would prevent you from little accidents, perhaps, but...
1. it prevents ALL users equally, so it would also prevent legitimate filesystem writes to protected files, by processes that you might want to have privileged access.
Protect already has a USER flag for that purpose, but mainstream filesystems don't support it. I think it came into being as part of Envoy.

I still don't see much point in multiple users for the sake of security. Sure, it's useful for other purposes such as sharing your computer with other users, but as long as you're the single human user, there's no intrinsic need just to keep up security.
I use my Mac as a single user. In case I need to alter a protected file, the system asks for my password. It could just as well ask for a password without being multi-user.
idrougge is offline  
Old 25 March 2015, 20:05   #40
Mrs Beanbag
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by idrougge View Post
Protect already has a USER flag for that purpose, but mainstream filesystems don't support it. I think it came into being as part of Envoy.
i don't see it in any docs, unless i'm missing something

Quote:
I use my Mac as a single user. In case I need to alter a protected file, the system asks for my password. It could just as well ask for a password without being multi-user.
I use Linux this way as well, in fact as i already said, Ubuntu-family of Linux no longer provides a root user that you can log in as. But when you put your password in, on Ubuntu or Mac, you become "superuser" and get the access rights of the root account. It doesn't really matter to the computer if the superuser and the normal user are the same person or not, behind the scenes that is what is going on. The term "multiuser" is really a piece of history because that was the context in which the technology was originally devised, the important separation here is really not between "user" and "user" but between "user" and "root" which was always kind of special, you have "root" and then you have "user accounts" on another level.

You are correct in that purely for security we don't need multiple directories in the home drive that different individuals can access, but if you can have even one such directory you can have any number of them. Security with only one user is equivalent to using only a single bit to store the user IDs.

anyway...
I was looking at the 68020 manual and the A1200 specs and one thing i noted is that it is possible to determine if the CPU is running in supervisor or user mode from the outside. This is output on the CPU's FC0-2 pins. FC0 and FC1 are connected to AA Gayle but sadly FC2 is needed to differentiate supervisor from user access, although it can tell the difference between data and instruction accesses. I don't know for what it uses this information.

Also i don't know exactly how the CPU drives the IDE interface. It goes through Gayle somehow but whether it is just a set of memory-mapped registers like for the floppy drive, or some other mechanism i don't know. It's possible it does it through the privileged MOVEC and MOVES commands, in which case things are looking up.

Last edited by Mrs Beanbag; 25 March 2015 at 20:14.
Mrs Beanbag is offline  