Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uwm.edu!zaphod.mps.ohio-state.edu!think.com!barmar
From: barmar@think.com (Barry Margolin)
Newsgroups: comp.org.eff.talk
Subject: Re: How secure should computers be?
Message-ID: <1991Jun18.061313.18486@Think.COM>
Date: 18 Jun 91 06:13:13 GMT
References: <1991Jun12.211143.18803@murdoch.acc.Virginia.EDU> <18278@venera.isi.edu> <1991Jun18.044351.8369@athena.cs.uga.edu>
Sender: news@Think.COM
Reply-To: barmar@think.com
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 37

In article <1991Jun18.044351.8369@athena.cs.uga.edu> mcovingt@athena.cs.uga.edu (Michael A. Covington) writes:
>Well, back in pre-UNIX days, computers _were_ secure, and serious
>programmers (the kind of people who hang out here) didn't like it.
>You couldn't see any files other than your own... you couldn't run
>a process in the background... and so on.

You seem to have a severely limited idea of what existed before Unix.
Multics, probably the most secure general-purpose, commercial system that
ever existed, was hardly that limited.  You could see other users' files
if they allowed you to, you could run background jobs, etc.

>The notorious "insecurity" of UNIX is _versatility_. 

No, it's sloppiness.  It's true that implementing both security and
flexibility in the same system is hard.  It requires a decent amount of
careful design.  Extreme security was not a high priority of the Unix
designers (they were just throwing together a little OS for their personal
use in a cooperative research environment), and it's difficult to graft
good security onto an existing system.

>I'm amused that the same kind of people who hated secure operating
>systems when they had them, now claim operating systems should be
>more secure.

There are appropriate environments for both secure and insecure systems.
One of the original goals of Multics was that it be used by commercial
timesharing utilities; just as you don't want randoms to be able to tap
your phone, you wouldn't want them to be able to snoop in your private
files.  On the other hand, in a cooperative research environment, security
barriers between users are often just a pain in the neck.  But if the
research project is confidential, they'd still want to keep out intruders
(e.g. corporate spies).
-- 
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar