Slashdot Mirror
A Closed Off System?
AnarkiNet wonders: "In an age of malware which installs itself via browsers, rootkits installing themselves from audio cds, and loads of other shady things happening on your computer, would a 'Closed OS' be successful? The idea is an operating system (open or closed source), which allows no third party software to be installed, ever. Yes, not even your own coded programs would run unless they existed in the OS-maker-managed database of programs that could be installed. Some people might be aghast at this idea but I feel that it could be highly useful for example in the corporate setting where there would be no need for a secretary to have anything on his/her computer other than the programs available from the OS-maker. For now, let's not worry if people can 'get around' the system. If each program that made up the collection of allowed programs was 'up to scratch' and had 'everything you need', would you really have an issue with being unable to install a different program that did the same thing?"
Oh yeah? After booting Apple DOS 3.3 type the following at the AppleSoft BASIC prompt:
Now you can't read or write to a disk. Now that's malware!Free karma if you can name what routine I disabled.
Show me on the doll where his noodly appendage touched you.
anyone remember the I-opener ? that was a closed (qnx) turnkey just-does-this-and-no-more system.
I don't think the company lasted long, though. too many people (myself included) bought the boxes for $100 and hacked them to get linux and win95 on them. ahh..
but the idea was kind of ok, for some people. and there was NO way to get viruses or problems when you aren't even running a real multiuser o/s like that.
oh, and it had a pizza key. a pizza key. wow.
(I still have that i-opener. I can't even imagine what a pent-120 class machine could be useful for, today, though. it wasn't even a real cpu, it was some cyrix animal, pretty feeble even for its day).
--
"It is now safe to switch off your computer."
Symbian OS form v9.1 is very close to be "Closed OS" (pan intended). If application use any "capability"(for example camera API) - any but most basic functions, it should be signed - endorsed by "test house", which have license from Symbian itself. Third party applications still possible, but only from certified developers. So if Symbian v9.1 will be any success there will probably be more closed OS in future.
... pay particular attention to noexec flag -- yes, one can configure his/her generic U**x system not to be able to execute anything off "other media" (including home directories) for what, like, 20 years... ;-)
Amazing what those guys back then thought of, is not it?
Paul B.
SELinux policies. You can configure SELinux to have a default deny to execute files that aren't on an approved list of executables, and also ensure that only trusted persons have access to change those files.
Marxism is the opiate of dumbasses
From man mount (eww):
noexec Do not allow direct execution of any binaries on the mounted file system. (Until recently it was possible to run binaries anyway using a command like /lib/ld*.so /mnt/binary. This trick fails since Linux 2.4.25 / 2.6.0.)
<xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>