From: Adam L. Beberg (beberg@mithral.com)
Date: Tue May 02 2000 - 13:14:25 PDT
On Tue, 2 May 2000, Ka-Ping Yee wrote:
> And what reason do i have to trust this sandbox? If it protects
> my computer as well as a "Web browser protects [me] from malicious
> code", that's pretty dismal.
No reason at all. Have you ever seen children keep all the sand in a
sandbox? I bet not. No computer scientist has ever seen it happen
either. Despite all the proof-carrying code, sandboxing, "safe"
compilers, none of them work, or can work, for a very simple reason:

It's the operating system, stupid.

The operating system is the only part of the system that can enforce any
kind of working security. However, no mainstream OS chooses to do this.
Never mind that the MMU on the silicon does all the security for you. The
OS has to go out of its way to create all the holes and security
problems that are posted weekly to security sites.

If the OS has a flawed security model, you're screwed, period.

There are a few operating systems out there that actually have a
security model, none you will have heard of (Cosm started out as an OS,
CPU/OS still looks remarkably like a kernel interface). The public is
perfectly happy with the state of affairs because they have been
convinced that is the best that can be done. If the truth ever gets out,
the lawsuits will flow like water, so hush...

- Adam L. Beberg
Mithral Communications & Design, Inc.
The Cosm Project - http://cosm.mithral.com/
beberg@mithral.com - http://www.iit.edu/~beberg/