Re: [Freedos-user] DOS and network security...
On DOS era the usual networking available was the BBS and terminal server programs. Someone dialing to your equipment can runs programs on your system. Of course you must be carefull and never give access to dangerous programs. 2009/6/22, Pat Villani : > You're pretty much on the right track. FreeDOS is modeled after > MS-DOS, which has no security features whatsoever. And you're right, > adding them would be confusing to users, and more than likely break > many applications. Isolating FreeDOS in some sort of virtualization > such as dosemu, or a vmware type of environmet, would be about the > easiest way of doing it. > > By the way, on of the toughest aspects of developing and supporting > FreeDOS is the fact that there is no security and applications reach > in and touch kernel data all the time. The kernel developers have to > deal with this all the time. > > Pat > > > On Sun, Jun 21, 2009 at 3:55 PM, Michael > Robinson wrote: >> It's starting to dawn on me that although Freedos is an >> excellent choice for being able to run most old dos programs, >> it's a nightmare from a network security point of view. I >> suppose there's the option of running it on top of Linux >> and using Linux to control where dos can go on your network, >> but I like to run Freedos natively. I guess I have gotten >> so used to Linux and Windows NT environments that I am taking >> for granted security gains that exist because there is a >> user context. >> >> DOS was developed before the Internet and before network >> security became a really big deal. >> >> To make dos secure would involve adding a user context to >> all the files and requiring that people log in I suppose, >> but that would be very confusing and I doubt it would be >> compatible. >> >> I'm starting to realize that Dos based Windows which is not >> an OS is also problematic because there's no user context. >> 98SE supposedly has user context, but everyone is an admin. >> Is there a way to enforce user context in 98SE to keep >> people from willy nilly adding accounts to get around >> the security? Short of locking up dos mode in 98SE, >> people can probably hack their way past anything I'd >> do. >> >> Eric says that there is no censorship with Freedos because >> everyone is an admin. Uge! How does one sandbox Freedos >> properly short of running it on top of Linux? >> >> >> -- >> Are you an open source citizen? Join us for the Open Source Bridge >> conference! >> Portland, OR, June 17-19. Two days of sessions, one day of unconference: >> $250. >> Need another reason to go? 24-hour hacker lounge. Register today! >> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org >> ___ >> Freedos-user mailing list >> Freedos-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/freedos-user >> > > -- > Are you an open source citizen? Join us for the Open Source Bridge > conference! > Portland, OR, June 17-19. Two days of sessions, one day of unconference: > $250. > Need another reason to go? 24-hour hacker lounge. Register today! > http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org > ___ > Freedos-user mailing list > Freedos-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/freedos-user > -- -- +-+-+-+-+-+-+-+ Marco A. Achury Tel: +58-(212)-6158777 Cel: +58-(414)-3142282 Fax: +58-(212)-2410828 Skype: marcoachury www.geocities.com/marcoachury -- ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
Re: [Freedos-user] DOS and network security...
You're pretty much on the right track. FreeDOS is modeled after MS-DOS, which has no security features whatsoever. And you're right, adding them would be confusing to users, and more than likely break many applications. Isolating FreeDOS in some sort of virtualization such as dosemu, or a vmware type of environmet, would be about the easiest way of doing it. By the way, on of the toughest aspects of developing and supporting FreeDOS is the fact that there is no security and applications reach in and touch kernel data all the time. The kernel developers have to deal with this all the time. Pat On Sun, Jun 21, 2009 at 3:55 PM, Michael Robinson wrote: > It's starting to dawn on me that although Freedos is an > excellent choice for being able to run most old dos programs, > it's a nightmare from a network security point of view. I > suppose there's the option of running it on top of Linux > and using Linux to control where dos can go on your network, > but I like to run Freedos natively. I guess I have gotten > so used to Linux and Windows NT environments that I am taking > for granted security gains that exist because there is a > user context. > > DOS was developed before the Internet and before network > security became a really big deal. > > To make dos secure would involve adding a user context to > all the files and requiring that people log in I suppose, > but that would be very confusing and I doubt it would be > compatible. > > I'm starting to realize that Dos based Windows which is not > an OS is also problematic because there's no user context. > 98SE supposedly has user context, but everyone is an admin. > Is there a way to enforce user context in 98SE to keep > people from willy nilly adding accounts to get around > the security? Short of locking up dos mode in 98SE, > people can probably hack their way past anything I'd > do. > > Eric says that there is no censorship with Freedos because > everyone is an admin. Uge! How does one sandbox Freedos > properly short of running it on top of Linux? > > > -- > Are you an open source citizen? Join us for the Open Source Bridge conference! > Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. > Need another reason to go? 24-hour hacker lounge. Register today! > http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org > ___ > Freedos-user mailing list > Freedos-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/freedos-user > -- Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
[Freedos-user] DOS and network security...
It's starting to dawn on me that although Freedos is an excellent choice for being able to run most old dos programs, it's a nightmare from a network security point of view. I suppose there's the option of running it on top of Linux and using Linux to control where dos can go on your network, but I like to run Freedos natively. I guess I have gotten so used to Linux and Windows NT environments that I am taking for granted security gains that exist because there is a user context. DOS was developed before the Internet and before network security became a really big deal. To make dos secure would involve adding a user context to all the files and requiring that people log in I suppose, but that would be very confusing and I doubt it would be compatible. I'm starting to realize that Dos based Windows which is not an OS is also problematic because there's no user context. 98SE supposedly has user context, but everyone is an admin. Is there a way to enforce user context in 98SE to keep people from willy nilly adding accounts to get around the security? Short of locking up dos mode in 98SE, people can probably hack their way past anything I'd do. Eric says that there is no censorship with Freedos because everyone is an admin. Uge! How does one sandbox Freedos properly short of running it on top of Linux? -- Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user