Re: Linux-NG

To: trelane@digitasaru.net
Cc: debian-devel@lists.debian.org
Subject: Re: Linux-NG
From: Francis Whittle <fudje@subdimension.com>
Date: Mon, 30 Dec 2002 08:48:22 +1100
Message-id: <[🔎] 20021229214822.GA11439@blackberry.noxious>
In-reply-to: <[🔎] 20021229175930.GA8986@digitasaru.net>; from trelane@digitasaru.net on Mon, Dec 30, 2002 at 05:01:48 +1100
References: <[🔎] 20021229175930.GA8986@digitasaru.net>

Hi,

The first piece involves command-line scripting, which was the aim of
the article.  It would be very nice if *every program* exported the
core of the program and functionality as a set of shared libraries,
java class files, etc. and left the user interface to the executable
itself.  What would this accomplish?

First off, it would allow third parties to create new interfaces toit.


---snip---

Imagine GIMP, fully usable for image manipulation as a
text-based command.

Whaddya' mean imagine? You can already. Well perhaps not fully, butstill...


---snip---

I just don't see a detached UI like that cathcing on. Perhaps if therewere somelibrary to link to that could have like a Pass-thru API to anotherlibrary,configurable (which could be an interface to a toolkit lib, et c.),that becomesmore pheasable, but I think one of the major aspects that drives theFree Software

Community is that element of choice.

I definitely don't see command-line scripting and exported cores likethat catchingon. I mean, using interpreted languages is slow enough, let aloneexporting the

core to the calling process in order to run it.

Secondly, we could extend this to remote systems.  Either via things

such as a user-space filesystem (I can't seem to find information onitright now. I either saw it in Linux Journal or Linux Magazine withinthelast couple of months), which allows people to mount such odd thingsas

ssh-based "filesystems", or as additional shell abilities to connect
remotely and transfer data, such as, say, an xml-rpc-based tool:
xml-rpc://someplace.com/xml-rpc/exec-something < file > otherfile
or linkin xml-rpc://someplace.com/xml-rpc/somelib.1.2.3.so someplace
square=someplace.square(32)
ulink someplace
Maybe this could be done via a systemwide wrapper or lib that
recognizes protocols that the shell then hands off the work to?

Kinda' like nfs tunneled thorugh ssh, but for individual users (Ofcourse thereare other flaws in nfs), and then remote execution over the top of thatas well?

Sounds Interesting.  Dangerous, difficult, but interesting.

Thirdly, we need to examine remote connections and security.  We need
it to be as easy to the user to run something locally as it is to run
it on another system, but we also need to make sure that the system is
*secure*!  We need to look at transparent user credential exchange and
authentication systems, and possibly re-engineer our security systems
to use these.

I can see this tying in a lot with your "Secondly". You'd definitelyneed aheap of security on your connection for that kind of remote execution.Thisisn't too hard to acheive already, too (ssh tunnelling, et c. SSH inparticular

has a good keys-based system).

Finally (for now), we need to increase system security.

--- snip snip snip ---

Eventually, it'd be nice if the kernel interacted with hardware (being
paranoid all the time!) so that user credentials never get stored in
memory, nor reside anywhere directly (except in the piece ofhardware),nor get transmitted anywhere, so that even the kernel has zeroknowledgeof the user's creds. But that requires hardware firms to work withus,
so that may be a ways off.

This is a nice idea indeed, but for the truly paranoid you'd need to beableto guarantee that the hardware was not accessible. This would also, ineffect,

require kernel hooks to be extended waaaay into user-space, such that an

authentication system could simply tell the kernel (perhaps using amodule of somedescription) to open a device for a direct pipe, straight through theprocessor nomemory channels required, and _that_ would require an amount ofprocessor andchannel re-engineering. This would be a bit like turning Linux into asort of MVSand then beyond a few strides, whilst still being Linux, and it wouldonly work onsystems that are a lot like toned-down mainframes. Still, Linux'strongest strength

is its modular versatility.

I could suggest that a more credible (and somewhat more attainable)solution would beto run in the Linux VM a parallel-process kernel that reserves aspecific area ofmemory for this very purpose. This would require a threading system inthe host VM,but it could be defined like a device in the Linux kernel. It would beonlyaccessible through a two-way pipe that only accepts limit input andgives precisionoutput, and could also run a parrallel 'auth init'. Furthermore, ahard diskpartition could also be reserved for this parallel kernel, that is in aspecifichash format (And is, obviously, resizable), so that the password hashis storedoff-disk. If you want to go totally troppo, this could also use anauthenticatedkey-pair system (for transport only) to allow a defined secure networkauthenticationsystem. This system could also define secure pre-boot authenticationso that systemrecovery methods that may otherwise form a security flaw in the systemmay beconfigured to only allow authenticated users of the system (who do notnecessarilyhave super-user access) to boot using these methods -- allowing minimalcompromisewith distributing root passwords and so-forth. Of course, thefilesystem securitymethods would have to be updated a little, but what's that compared toall this?



Enough brainsplatter.
Share your thoughts.

Francis Whittle
(fudje)

Reply to:

Follow-Ups:
- Re: Linux-NG - security
  - From: Russell Coker <russell@coker.com.au>
- Re: Linux-NG
  - From: Joseph Pingenot <trelane@digitasaru.net>

References:
- Linux-NG
  - From: Joseph Pingenot <trelane@digitasaru.net>

Prev by Date: Re: grub/floppy/ext2 question
Next by Date: Re: Linux-NG - security
Previous by thread: Re: Linux-NG
Next by thread: Re: Linux-NG - security
Index(es):
- Date
- Thread