Security musings

Isn’t it just a different way of phrasing the UI, but essentially technically the same?

The mechanics are the same, but the phrasing implies fine granularity. So for example, this is a big no:

Why? Because it does not allow the user to pick which microphone the application is allowed to see. The application should not be aware of any microphones but the one given by the user. Moreover, the user should be able to provide any audio source as a virtual microphone.

Another important detail: if the user decides not to provide a microphone, this should be indistinguishable from the situation when there are no microphones at all.

5 Likes
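The grant model the post describes (the app sees only the one source the user picked, any audio source can stand in as a virtual microphone, and a refusal looks exactly like a machine with no microphone), modelled as an added C++ example; this is not Haiku code, and the broker, device names and chooser callback are all constructed for illustration:

```cpp
#include <functional>
#include <optional>
#include <string>
#include <vector>

// Sources the system knows about (constructed sample data, not a real device list).
struct AudioSource { std::string name; bool isVirtual; };
// What the app receives: an opaque handle, never the system's device list.
struct MicCapability { std::string label; std::string backingSource; };

// The user's choice is made in a trusted system dialog, not by the application.
using UserChooser =
    std::function<std::optional<AudioSource>(const std::vector<AudioSource>&)>;

class MicBroker {
public:
    explicit MicBroker(std::vector<AudioSource> sources) : sources_(sources) {}
    // Returns zero or one capability. An empty result means either "no microphone
    // exists" or "the user declined"; the app cannot tell which, by design.
    std::vector<MicCapability> requestMicrophone(const UserChooser& chooser) const {
        if (sources_.empty()) return {};
        std::optional<AudioSource> choice = chooser(sources_);
        if (!choice) return {};
        return {MicCapability{"Microphone", choice->name}};
    }

private:
    std::vector<AudioSource> sources_;
};

// Denial on a machine with microphones looks exactly like a machine with none.
bool denialIndistinguishableFromNoDevice() {
    MicBroker withMics({{"Built-in Mic", false}, {"USB Headset", false}});
    MicBroker noMics(std::vector<AudioSource>{});
    auto decline = [](const std::vector<AudioSource>&) { return std::optional<AudioSource>{}; };
    return withMics.requestMicrophone(decline).empty() && noMics.requestMicrophone(decline).empty();
}

// The user hands the app a file acting as a virtual mic; the app gets one handle
// and never learns that the physical microphone exists.
std::string grantedBackingSource() {
    MicBroker broker({{"Built-in Mic", false}, {"recording.wav", true}});
    auto pickVirtual = [](const std::vector<AudioSource>& s) {
        for (const auto& src : s) if (src.isVirtual) return std::optional<AudioSource>{src};
        return std::optional<AudioSource>{};
    };
    auto granted = broker.requestMicrophone(pickVirtual);
    return granted.size() == 1 ? granted[0].backingSource : "";
}
```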

Think of it as getting consent to touch another person. Even if you do, it’s not blanket permission to do anything, and it’s not permanent.

1 Like

It’s nice to preserve some capabilities across runs though, so you don’t have to pick a mic every time you open a voice chat application.

2 Likes

Thanks for the clarifications, I think I got it finally :slight_smile: It’s about granularity: giving access to generally any microphone vs. the user selecting one microphone specifically to allow the app to see and access.

True, but that doesn’t mean that security issues can’t be regularly discussed. In fact, it might help if there was a “security” forum category. There are lots of potential discussions: multi-user, permissions, filesystem snapshots, VMs & containers, etc. The coding doesn’t have to happen now, but it might make things easier for when some security will eventually be needed.

If Haiku starts becoming popular, gets good media coverage, and people start using it for a variety of things (e.g., making some money), it will soon be hacked to pieces. And the headlines then will all be about Haiku “security issues”.

Look:

3 Likes

A rough summary of the report: “Security and BeOS”

What there is:

  • BONE: modular network API architecture, which allows removal / replacement of any of its parts.
  • Single-user system.
  • Boot scripts.
  • Encryption.
  • TcpDump, TcpTrace, and LibPCap Network Facilities.
  • SSH Client.
  • FTP and Telnet Servers: for remote management.
  • Web Servers: RobinHood & Apache.

What is needed:

  • Multi-user capability.
  • Console security via login manager (e.g., BeLogin).
  • Host Based Security Facilities.
  • SSH Daemon.
  • Name Service capabilities (named daemon).
  • Network Firewall.
  • Application Firewall (e.g., Opensnitch).
  • Intrusion Detection System (e.g., Snort / Shadow).
  • BeOS antivirus: (when applicable).

2 Likes

It is not required for a Personal Computer. I hope Haiku will continue to be a single user system. What is needed is just to add admin-manager mode to the system.

Strong -1

We all use computers differently, all my computers at home are multi-user (partner/kids have their sessions), so let’s avoid using this kind of statement (“it is not needed for a personal computer”) as a general rule which is obviously false. Even my neighbors who are not tech savvy do the same (multiple sessions on a personal computer).

Also, it has already been said on this forum that Haiku already has foundations for multi-user support in place, at least at the filesystem level and maybe in other areas too.

Let’s not make Haiku a limited single-user OS for no “obvious” reason (as there are none). We are not going to face a single type of usage, and some of these usages will require multi-user support. Granted they may not be the majority, but neither will they be negligible.

1 Like

It depends what you are calling a user. If you use the system definition, it is not necessarily a real person…
What we may not need is multiple person sessions open at the same time.
What requires multiple users, assuming they will log in at different times, separate home directories, perhaps to encrypt the unused ones? That’s not so heavy.

There are multiple somewhat related concepts here.

UNIX users are one way to handle both security (through filesystem permissions, for example, but later this was extended to capabilities and so on) and multiple users using the same machine.

For the latter, there is a question of how much you want to secure them from one another. Let’s say family members share a computer. Do you really need to prevent users from accessing each other’s data, for example with encryption? The answer depends on your family. Who is the sysadmin? Again, the answer depends on your family, or maybe there is no way to have a single person in charge of administrating the machine (adding/deleting users, installing software, …) and maybe you end up with a multi-boot system, where each user has their own completely independent Haiku install (or maybe some of them decide to run other OSes).

There will not be a single answer to any of this. Some of us have more computers than people in their home. For some, it’s the opposite. I can trust my roommate to not mess with my computers while I’m not home. Maybe not everyone is so lucky.

For my workplace, there are already corporate firewalls, so a simple screensaver locked with a password is enough. But, if I am to move the laptop outside of the office, or if there is someone intruding into the building at night to steal computers, disk encryption is a great idea. On my personal laptop? Well, maybe it’s not that critical, people would find only my opensource projects there. But again, not everyone is using their computers like this.

So, there are two ideas (of security and multiple users), which are related in many ways, both by the way people use computers and trust each other (or themselves), and also by the UNIX history of extending the concept of “users” to base a lot of its security on it. We don’t have to necessarily follow UNIX on the latter, but we have to think about who our users are and could be, and what is appropriate for them. We can’t really know, and so we will have to cover more and more cases as we get more users.

Oh, and I would add keeping the capability of running things as root, for those of us who think we know what we are doing or are too lazy to change modes all of the time. :slight_smile:

Running stuff as root has nothing to do with laziness, or knowing what you are doing, in my opinion.

On macOS for example it is almost never necessary to execute anything with root privileges.

On Windows, system permissions are also basically never needed.

It seems to be only Linux that insists on having stuff be “root may do this”, instead of more granular permissions. Our package manager basically only needs to mount stuff somewhere; that can be done much more easily than with root privilege, for example with a capability bit that the daemon has.

Windows is sometimes doing weird things like silently creating an admin user to install things… Not the best example to follow. :smiley:

1 Like

I believe it could be improved, yes. A per-program configuration, to “Run this as root and don’t bother me”, would be useful, in Windows and Linux, and could reduce a lot of the cases for always running as root (or Admin, or whatever).

Is one computer per person so bad? Single-user machines benefit from simplicity, including cognitive simplicity. And being Admin for others is a pain in the arse, quite frankly. Doesn’t everyone have multiple devices already anyway? I suppose this debate has been thrashed out a million times before…

2 Likes

If you have the money (and electricity supply, …) for it. Not everyone does…

1 Like

Yeah, it’s easy to forget about poor countries.

People love to talk about security, but how often does anything change? People “secure” a system from the outside, but never fix it from the inside. They fix the walls, but never the foundation. They use tactics that others use, but never come up with radical new ways to address the issue.

For example… a computer virus:

  1. How does it get in?
  2. How does it spread?
  3. Where does it go?
  4. What is the goal of that virus?

I was actually hit by a virus on my Atari 1040ST ages ago. It was “harmless”, in that it only reversed the mouse pointer movement. Up became down and left became right. Harmless, but extremely frustrating.

Haiku is about as secure as the Atari ST was, so it’s a good example. Now, go through the steps:

  1. How did it get in?
    A) Infected software on a floppy disk

  2. How did it spread?
    A) Copying itself from the infected software to the boot sector of the next floppy disk and on and on and on. It only “activated” when enough copies of itself were made to ensure further infection.

  3. Where did it go?
    A) System peripheral control (mouse)

  4. What was its ultimate goal?
    A) To reverse the mouse pointer XY movement

Now, ask yourself, how would you stop this virus from causing problems without having to IDENTIFY it, specifically?

Portable computers such as laptops and tablets can consume a few power.