On Tue, Mar 10, 2015 at 09:25:41PM -0700, Chris Palmer wrote:
> On Tue, Mar 10, 2015 at 8:23 PM, <travis+ml-lang...@subspacefield.org> wrote:
>
> > Incidentally, has anyone noticed that the recommended path to
> > security sometimes seems to be "handcuffing" oneself, for some
> > definition of handcuffing and some definition of oneself? For
> > example, standard langsec recommendation, SELinux, sandboxing,
> > MMUs, Trusted Computing all involve restricting power.
>
> I see those things (except perhaps SELinux, which I have a hard time
> taking seriously) as providing much more freedom than they take
> away.
SELinux provides check box compliance for some applications. Its threat
model seems entirely innocent of the idea that the people giving the
orders might themselves be the problem. This strikes me as odd given
that at the agency that spawned it, they've been the principal problem
throughout its history.

> Privilege separation enables mobile code and for multiple people to
> share 1 machine. MMUs enable virtual memory, which enables the
> programmer to pretend to have free rein over the entire address
> space and frees the programmer from having to worry about clobbering
> other programs or the kernel.

This is true to the extent that they're bug- and side-effect-free, which
is to say some people continue to need to worry about them, even though
the vast majority even of low-level systems programmers don't.

> Langsec allows us to have simple interfaces that are more obviously
> safe, reduces maintenance costs, and generally results in higher
> performance.

Langsec makes a strong case for this in theory, but until it's been out
in the world for a while and beaten the other systems, it's aspirational.
It's an excellent aspiration, no mistake, but it still needs to get to
where most people writing code know what Turing machines are and what
dangers they pose when misapplied. I guarantee that this is not yet the
case.

> We're all much happier with loops, function calls, and try/catch
> than with the more "free" goto. :)

Certainly after the first few times of looking at a strange goto,
especially one we've written earlier for reasons unclear.

> "The really important kind of freedom involves attention, and
> awareness, and discipline, and effort, and being able truly to care
> about other people and to sacrifice for them, over and over, in myriad
> petty little unsexy ways, every day." — David Foster Wallce

I believe that's "Wallace" with two A's.

Cheers,
David.
--
David Fetter <da...@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fet...@gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss