Re: ActiveWhy (was Re: Comments on Microsoft Open Source document)

Tuukka Toivonen (tuukkat@ees2.oulu.fi)
Thu, 12 Nov 1998 18:19:57 +0200 (EET)


This has little to do with kernel but...

On Thu, 12 Nov 1998, Pete Chown wrote:

>At the moment, when you download some code into your browser there are
>two possibilities. It might be Java, which is secure (to a greater or
>lesser degree) and crossplatform but slow, or it might be ActiveX which
>is insecure and proprietary but fast.

Though Java is crossplatform, it's still Sun proprietary. You can get the
source but AFAIK only by signing an NDA.

>An ActiveWhy control, however, is distributed as ANSI C source code and
>is automatically compiled by the browser using one of the freely
>redistributable C compilers. The resulting object file is then cached
>to speed up future accesses to the control. In addition, web site

Too slow. Compile even a small program with gcc and it takes ages. Caching
helps a little but in my opinion not much, since most of the programs run are
from webpages visited for the first time (IMHO).

>maintainers may, if they wish, include binaries for one or more
>platforms along with the source code. This will obviously make accesses
>to the control faster on those platforms while not ruling out the
>possibility of running the control on anything else.

Yeah. And M$ adds a 'little bit' of extra functionality for binaries which are
for Windoze.

>This gives us something like ActiveX but portable across platforms. Now
>we need security... Firstly it must be understood that unlike ActiveX
>and Java controls, ActiveWhy controls will always run in a separate
>process context. Under Linux, there will be a kernel module which will
>implement a new personality. This personality will deny the control
>access to any system calls which might be used to compromise security.

Guess what...? Foof!

Sure, the Foof bug is now fixed in Linux, but there are other similar bugs with
other CPUs which might not even be fixable by software. And some CPUs might
not, by design, *have* any kind of protection (simple low-power CPUs for
portable embedded Internet browsers, or whatever).

This is the reason why good sysadmins don't have visitor accounts:
an operating system can never be secure enough to allow anybody to execute
anything.

--
| Tuukka Toivonen <tuukkat@ee.oulu.fi>       [PGP public key
| Homepage: http://www.ee.oulu.fi/~tuukkat/       available]
| Try also finger -l tuukkat@ee.oulu.fi
| Studying information engineering at the University of Oulu
+-----------------------------------------------------------
