Re: [Freedos-user] DOS and network security...

2009-06-23 Thread Marco Antonio Achury Palma
On DOS era the usual networking available was the BBS and terminal
server programs.  Someone dialing to your equipment can runs programs
on your system.  Of course you must be carefull and never give access
to dangerous programs.



2009/6/22, Pat Villani :
> You're pretty much on the right track.  FreeDOS is modeled after
> MS-DOS, which has no security features whatsoever.  And you're right,
> adding them would be confusing to users, and more than likely break
> many applications.  Isolating FreeDOS in some sort of virtualization
> such as dosemu, or a vmware type of environmet, would be about the
> easiest way of doing it.
>
> By the way, on of the toughest aspects of developing and supporting
> FreeDOS is the fact that there is no security and applications reach
> in and touch kernel data all the time.  The kernel developers have to
> deal with this all the time.
>
> Pat
>
>
> On Sun, Jun 21, 2009 at 3:55 PM, Michael
> Robinson wrote:
>> It's starting to dawn on me that although Freedos is an
>> excellent choice for being able to run most old dos programs,
>> it's a nightmare from a network security point of view.  I
>> suppose there's the option of running it on top of Linux
>> and using Linux to control where dos can go on your network,
>> but I like to run Freedos natively.  I guess I have gotten
>> so used to Linux and Windows NT environments that I am taking
>> for granted security gains that exist because there is a
>> user context.
>>
>> DOS was developed before the Internet and before network
>> security became a really big deal.
>>
>> To make dos secure would involve adding a user context to
>> all the files and requiring that people log in I suppose,
>> but that would be very confusing and I doubt it would be
>> compatible.
>>
>> I'm starting to realize that Dos based Windows which is not
>> an OS is also problematic because there's no user context.
>> 98SE supposedly has user context, but everyone is an admin.
>> Is there a way to enforce user context in 98SE to keep
>> people from willy nilly adding accounts to get around
>> the security?  Short of locking up dos mode in 98SE,
>> people can probably hack their way past anything I'd
>> do.
>>
>> Eric says that there is no censorship with Freedos because
>> everyone is an admin.  Uge!  How does one sandbox Freedos
>> properly short of running it on top of Linux?
>>
>>
>> --
>> Are you an open source citizen? Join us for the Open Source Bridge
>> conference!
>> Portland, OR, June 17-19. Two days of sessions, one day of unconference:
>> $250.
>> Need another reason to go? 24-hour hacker lounge. Register today!
>> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
>> ___
>> Freedos-user mailing list
>> Freedos-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>
>
> --
> Are you an open source citizen? Join us for the Open Source Bridge
> conference!
> Portland, OR, June 17-19. Two days of sessions, one day of unconference:
> $250.
> Need another reason to go? 24-hour hacker lounge. Register today!
> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
> ___
> Freedos-user mailing list
> Freedos-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>


-- 
-- 
+-+-+-+-+-+-+-+
Marco A. Achury
Tel: +58-(212)-6158777
Cel: +58-(414)-3142282
Fax: +58-(212)-2410828
Skype: marcoachury
www.geocities.com/marcoachury

--
___
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user


Re: [Freedos-user] DOS and network security...

2009-06-21 Thread Pat Villani
You're pretty much on the right track.  FreeDOS is modeled after
MS-DOS, which has no security features whatsoever.  And you're right,
adding them would be confusing to users, and more than likely break
many applications.  Isolating FreeDOS in some sort of virtualization
such as dosemu, or a vmware type of environmet, would be about the
easiest way of doing it.

By the way, on of the toughest aspects of developing and supporting
FreeDOS is the fact that there is no security and applications reach
in and touch kernel data all the time.  The kernel developers have to
deal with this all the time.

Pat


On Sun, Jun 21, 2009 at 3:55 PM, Michael
Robinson wrote:
> It's starting to dawn on me that although Freedos is an
> excellent choice for being able to run most old dos programs,
> it's a nightmare from a network security point of view.  I
> suppose there's the option of running it on top of Linux
> and using Linux to control where dos can go on your network,
> but I like to run Freedos natively.  I guess I have gotten
> so used to Linux and Windows NT environments that I am taking
> for granted security gains that exist because there is a
> user context.
>
> DOS was developed before the Internet and before network
> security became a really big deal.
>
> To make dos secure would involve adding a user context to
> all the files and requiring that people log in I suppose,
> but that would be very confusing and I doubt it would be
> compatible.
>
> I'm starting to realize that Dos based Windows which is not
> an OS is also problematic because there's no user context.
> 98SE supposedly has user context, but everyone is an admin.
> Is there a way to enforce user context in 98SE to keep
> people from willy nilly adding accounts to get around
> the security?  Short of locking up dos mode in 98SE,
> people can probably hack their way past anything I'd
> do.
>
> Eric says that there is no censorship with Freedos because
> everyone is an admin.  Uge!  How does one sandbox Freedos
> properly short of running it on top of Linux?
>
>
> --
> Are you an open source citizen? Join us for the Open Source Bridge conference!
> Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
> Need another reason to go? 24-hour hacker lounge. Register today!
> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
> ___
> Freedos-user mailing list
> Freedos-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>

--
Are you an open source citizen? Join us for the Open Source Bridge conference!
Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
Need another reason to go? 24-hour hacker lounge. Register today!
http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
___
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user