As a matter of fact, it would be possible to give the device driver less privileges in Unix. Once again, it just isn't done.
Device driver code running in kernel mode has the same privileges as the kernel, and the kernel therefore cannot restrict it. This is why hardware architectures with more than two modes have been designed.
This means that code which requires elevated privileges must be given the same privileges as the kernel itself, since Kernel mode is the only alternative to User mode.
Not really.
If you need to read from a device, a user account can be given access to a device entry. If you need access to a file, a user account can be given access to a file.
Do you understand what happens when you access the device entry? Your user-mode code, running under whichever account, makes a request to a kernel-mode device driver, which then controls the hardware. The device driver runs in kernel mode, with the same privileges as the kernel itself. On a system with more than two privilege levels, the device driver could run with more privileges than user code, but fewer than the kernel.
Then there is privilege separation. You can write a small, secure piece of code that runs as root, and invokes other, more complicated programs, with only the limited privileges that program needs. Then there is systrace, which is simply a flexible, universal version of priv. sep., but nothing stopped you from doing the same before systrace came about.
There is also cylant, which has a purpose similar to systrace, but goes a bit of a different way about the same goal.
You are confusing software permissions (e.g. user access rights) with hardware privilege levels.
You VMSers really get on my nerves (yes, all 5 of you). Just because the kernel doesn't have the different levels of access built into it, does NOT mean that you are limited to two levels. It's just such a popular method because people are lazy... VMS would be just as vulnerable if admins got lazy and used only 2 of the privilege modes.
This is fundamentally wrong. A hardware privilege level is not the same thing as a user account.
So, your claim that VMS and Multics have better security
I did not claim this. I claimed that a system which offers more than two privilege levels allows device drivers to run with more limited privileges than the kernel, thereby allowing for a more robust architecture.
is like saying that MS-DOS can't be networked... Just because it isn't built-in doesn't make it impossible. In fact, I find Unix more secure because of the fact that privilege separation *is* separate from the kernel. Then again, you can still be lazy and not make use of it.
Your comments don't make sense, and show that you don't understand the difference between hardware privilege levels and user accounts. UNIX relies on hardware privilege levels, just like other OSes.
OpenBSD has "the magic ability" to not let an application crash the OS.
This is actually a very simple thing to do. Any OS designed for minicomputer-class hardware (e.g. VAX, RISC or 386+ CPUs) will include this magic ability (including NT). Such OSes will only crash if there is a bug in the OS itself, or in code that is treated as part of the OS.
One of the flaws with UNIX and NT, as compared to systems like VMS (with four protection modes) and Multics (with up to sixty-four protection rings), is the existence of only two protection modes: User and Kernel. This means that code which requires elevated privileges must be given the same privileges as the kernel itself, since Kernel mode is the only alternative to User mode.
This problem of only two protection modes is deeper than the OS design, however. Most RISC CPUs provide only two modes (the x86 provides four rings; the VAX provided four modes), so in order for an OS to be portable to such architectures, it must be limited to two modes like UNIX. This is probably why NT, which was designed by the architect of the four-mode VMS system, itself only supports two modes (like UNIX).
Remember that UNIX was considered very buggy and unstable in the 1980s, whereas VMS (which is a younger system) was seen as rock solid. This reflects the design advantages of VMS, in being tied to the VAX architecture, with its four protection modes and robust instruction set, but that reliance on the VAX architecture was also a major weakness: unlike UNIX, VMS could not be ported to most RISC architectures, or the 386, and so only runs on VAX and Alpha. Both of these architectures support the four modes it requires, but are now niche CPUs with declining user bases. This limited hardware support was the most important reason for the decline of VMS, whereas the portability of UNIX and NT were very important factors in their success.
UNIX, BSD, Linux and Windows 2000/XP show that a system with only two protection modes can eventually become stable, through simplified design and/or extensive testing on supported hardware configurations over time, but there is always the risk that new hardware will introduce new device-driver bugs, which automatically become new kernel bugs, thereby reducing any of the OSes to an unstable disaster again. The broader the hardware support is, the likelier it is this will happen.
How is it that Apache and XFree86 have not been forked off into proprietary products and promptly used to put the reams to you with custom extensions? Apache is perhaps the most successful open source project, and XFree86 is perhaps second. This is in part because they do not use the GPL, and are therefore free from its restrictions.
If people should be paying for music to which they listen, why are radio stations paid to play music instead of charged?
Sorry, I don't know anything about the radio industry. Maybe having a song played on the radio is considered a good way to advertise it. The quality of radio is clearly inferior to the quality of, for example, a CD, so maybe the owners of the music don't care if such a low-quality version is distributed.
Why are some of the most pirated songs also the biggest sellers at the stores?
I think the most obvious explanation for this is that songs are popular with those who buy music for the same reason(s) they are popular with those who download music.
My own concern is less with music than it is with more intellectual forms of IP such as books and software. A book or software application requires much more investment in education/training, time and effort to produce than music, and there is a greater risk that such investments will not be made if piracy severely reduces the potential returns.
I read the article. A representative from OpenOffice said that according to reports he has heard, the MS-XML format is crippled. An Office 2003 beta tester quoted in the article had a different view:
Gary Edwards (OpenOffice Representative): "Although it's still early in the review process, it does look as though XP XML has been so seriously crippled as to be useless to anyone but the big content management and collaboration system providers. Reports are that when saving to XML, [Office 2003] strips out the presentation and formatting information, leaving near raw content."
Mark McWilliams (MS-Office 2003 beta tester): "The opened XML document looks exactly like the original .doc file. And if I open up the XML file in a text editor, I can see that all of the formatting is properly maintained in the XML file."
This beta tester also said the document he used was heavily formatted, and that there is an alternative, data-only XML format in MS Office 2003 that does remove the formatting.
Who is right? I don't know and I don't care, because I don't use MS-Office 2003. However, I am usually suspicious of criticisms of a product that are levelled by its competitors. The users of that product usually have a more objective and accurate view.
Ever hear the story about boiling a frog? Basically, you can boil a frog, and he won't complain, as long as you increase the temperature slowly. Being a cold-blooded animal, frogs only notice temperature changes, not absolute temperatures. So a frog will happily stay in the water while you boil him to death, provided you increase the temperature in small increments.
Perhaps the point is that not every frog that is put into water is being slowly boiled. It is not therefore a useful argument to claim that a frog is being slowly boiled simply because it has been put into water. If, however, this is taking place in a kitchen, and a chef is the one who is putting the frog into the water, the frog may have reason to be concerned.
But it's the thin end of the wedge, the beginning of the end! We're all doomed; the other caveman told me so! ;) Seriously, I think this is a good idea.
There are some things which provide benefits to some at the expense of others, but are difficult to control directly. Pollution and copyright violations are examples of such things.
Some of us try to avoid contributing to these problems to the extent that we can, but what can be done about those who have no concern for the damage they are doing to others? The only force capable of redressing this is the state, and even its power is limited in the modern age. In order for policies of this kind to be truly effective, international coördination through institutions like the EU, WTO and UN is necessary. National laws are, however, a good first step.
The biggest problem with policies of this kind (whether dealing with pollution or with copyright violations) is the potential negative impact on economic activity, at least in the short run. In the long run, it is a question for theorists, but I am behind those who believe strong enforcement of IP laws leads to the production of more useful IP, and is therefore good.
A second problem is how to ensure the estimates of who should pay and who should receive compensation are accurate. Naturally the transfers can never be perfectly accurate, but a moderate degree of accuracy is necessary if the scheme is to have any value.
Xenix is actually peripheral to this issue. The code in question is the UNIX System V code, which was developed by AT&T and marketed as a UNIX for the Intel 386. It was not overly successful, and was acquired by Novell in the early 1990s.
Novell renamed UNIX System V to UnixWare, and tried to position it against Windows NT, without much success. Novell eventually sold UnixWare to SCO, which later sold it to Caldera. Caldera has now changed its name to SCO, and the old SCO is now called Tarantella. Caldera itself was founded by Novell founder Ray Noorda, who had never wanted to sell UnixWare to SCO.
All Unixes which are based on SVR4 or otherwise use code from the "original" UNIX implementation owe royalties to SCO. This includes Solaris, HP/UX, AIX, et al.
I believe Sun is exempt from this, with full ownership of its UNIX code, owing to a unique agreement it reached with AT&T, at the time of its transition from SunOS4 (BSD) to SunOS5 (System V). It was this agreement which produced the UNIX wars: the other UNIX vendors feared the close relationship between AT&T and Sun, and therefore founded the Open Software Foundation.
The original goal of the Open Software Foundation was to produce an open, UNIX-compatible OS based on the Mach kernel. Its name was OSF/1. In response to this, AT&T and Sun formed a consortium called UNIX International, which was to manage the UNIX standard.
Over time, the rift between OSF and UI was healed, OSF/1 reunited with UNIX and the OSF merged with X/Open to become The Open Group. It currently holds the rights to the UNIX trademark.
It depends on how one defines an operating system. Tru64 UNIX, for example, comprises the Mach kernel with a kernel-mode UNIX server running on top of it, yet it is universally regarded as a real UNIX.
Interix comprises the NT kernel with a user-mode UNIX server running on top of it, and with much of the supporting software (e.g. the file system, networking, et al.) running in kernel mode. From a technical perspective, it is reasonable to say it is a UNIX OS, just as Tru64 UNIX is such, and as Mac OS X is a BSD. I believe Interix was also certified by The Open Group, making it de jure UNIX, but this is only from memory.
CygWin is a set of shared libraries and executables which provide some UNIX-like APIs on top of Win32. It does not run natively on NT, and therefore cannot access kernel features that are not exposed to Win32. For example, fork() is implemented by the NT kernel, and used by Interix, but not by Win32. CygWin runs on top of Win32, so it therefore cannot implement a true fork(), and must inefficiently emulate it using the available Win32 APIs.
There are further differences between a subsystem such as Interix and a set of shared libraries such as CygWin. One of these is that a subsystem does not allow access to the APIs of other subsystems: an Interix process cannot call a Win32 API, and a Win32 process cannot call an Interix API. Other differences are discussed on the CygWin site, and include such things as Cygwin's lack of security, its lack of a UNIX process-tree structure (with init as the root process), its lack of a dedicated binary format (a CygWin binary is just a Win32 binary), etc.
I believe there was such an agreement, and that it was the reason the development of OpenNT/Interix was outsourced to Softway Systems, rather than developed internally by Microsoft.
If my memory is correct, Microsoft and SCO nullified this agreement a few years ago, when settling a related lawsuit, and Microsoft acquired Softway shortly afterwards.
Your comment invites some interesting questions. Does eBay freely share this information with police from any country, whether or not the user has any links to it? Does eBay respect the privacy laws of the user's country of residence?