
Linux Security flowchart


Patrick

Mar 10, 2013, 7:31:48 PM
Hi,

Has anyone come across a good flowchart depicting linux security ?
Something that shows linux security in flowchart form as it relates
to internet, network, internal security layers within the linux OS and
their function, etc..

THX

Patrick

unruh

Mar 10, 2013, 10:23:05 PM
No idea what this means. Security is not a flowchart. Security is an
attitude which pervades everything. It is like asking for a flowchart
which depicts the source code.
flowcharts are for flows. Security does not flow. It inhabits all flows
(or should)

>
> THX
>
> Patrick

Whiskers

Mar 11, 2013, 8:13:11 AM
On 2013-03-10, Patrick <pat...@none.com> wrote:
Draw a flowchart of security.

Is this a new koan?
<http://www.britannica.com/EBchecked/topic/320734/koan>

--
-- ^^^^^^^^^^
-- Whiskers
-- ~~~~~~~~~~

Patrick

Mar 13, 2013, 10:37:02 PM
When I took programming I was taught all good programs
evolved from flowcharts first.

I'm asking for a high level flowchart which illustrates iptables,
linux security layers, actions, results, logging, the chain of events.

Shouldn't be hard to do.

unruh

Mar 14, 2013, 2:18:54 AM
On 2013-03-14, Patrick <pat...@none.com> wrote:
> On Mon, 11 Mar 2013 02:23:05 +0000, unruh wrote:
>
>> On 2013-03-10, Patrick <pat...@none.com> wrote:
>>> Hi,
>>>
>>> Has anyone come across a good flowchart depicting linux security ?
>>> Something that shows linux security in flowchart form as it relates to
>>> internet, network, internal security layers within the linux OS and
>>> their function, etc..
>>
>> No idea what this means. Security is not a flowchart. Security is an
>> attitude which pervades everything. It is like asking for a flowchart
>> which depicts the source code.
>> flowcharts are for flows. Security does not flow. It inhabits all flows
>> (or should)
>>
>>
>>> THX
>>>
>>> Patrick
>
> When I took programming I was taught all good programs
> evolved from flowcharts first.

Programs may. Security does not.

David W. Hodgins

Mar 13, 2013, 11:18:22 PM
On Wed, 13 Mar 2013 22:37:02 -0400, Patrick <pat...@none.com> wrote:

> When I took programming I was taught all good programs
> evolved from flowcharts first.

You're showing your age there. :-)

I used flowcharts in the 1970s, modular organization charts and pseudo
code starting in the early 80s.

> I'm asking for a high level flowchart which illustrates iptables,
> linux security layers, actions, results, logging, the chain of events.
> Shouldn't be hard to do.

It's going to vary a lot from one installation to another, depending
on what is installed, and how the system has been configured.

So, while it could be done for a given system, it would only apply to
identically set up systems.

Regards, Dave Hodgins


--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

crankypuss

Mar 14, 2013, 7:17:47 AM
On 03/13/2013 08:37 PM, Patrick wrote:
> On Mon, 11 Mar 2013 02:23:05 +0000, unruh wrote:
>
>> On 2013-03-10, Patrick <pat...@none.com> wrote:
>>> Hi,
>>>
>>> Has anyone come across a good flowchart depicting linux security ?
>>> Something that shows linux security in flowchart form as it relates to
>>> internet, network, internal security layers within the linux OS and
>>> their function, etc..
>>
>> No idea what this means. Security is not a flowchart. Security is an
>> attitude which pervades everything. It is like asking for a flowchart
>> which depicts the source code.
>> flowcharts are for flows. Security does not flow. It inhabits all flows
>> (or should)
>>
>>
>>> THX
>>>
>>> Patrick
>
> When I took programming I was taught all good programs
> evolved from flowcharts first.

Pity your teachers were waterfall-development thinkers.

> I'm asking for a high level flowchart which illustrates iptables,
> linux security layers, actions, results, logging, the chain of events.
>
> Shouldn't be hard to do.
>

You don't want a flowchart, you want a block diagram of sorts, showing
the various processing levels as rings, showing the entry and exit
points for increasingly internal rings, and pointing out the validation
logic that lets information pass through those gates to the next level.

There is doubtless such a thing in existence but probably not in the
easy-to-ingest form you want... most likely it exists only in the form
of the code itself. Iterative development processes are based on
reality rather than imaginative pictures of what reality ought to be,
and pictures of how things are seldom turn out to be two-dimensional.

It's probably possible to write a program to generate the kind of
diagram you want, but almost certainly any such diagram that was not
generated from the actual code would be deceptive at best.

These might provide a useful starting point:
http://tldp.org/LDP/tlk/tlk.html
https://www.kernel.org/doc/htmldocs/device-drivers.html

Whiskers

Mar 14, 2013, 8:56:21 AM
On 2013-03-14, Patrick <pat...@none.com> wrote:
Show it to us when you've finished ;))

(Hint: "security" isn't a process, it's a culture).

Patrick

Mar 15, 2013, 5:02:21 PM
On Thu, 14 Mar 2013 05:17:47 -0600, crankypuss wrote:

> You don't want a flowchart, you want a block diagram of sorts, showing
> the various processing levels as rings, showing the entry and exit
> points for increasingly internal rings, and pointing out the validation
> logic that lets information pass through those gates to the next level.

I think if I limit the scope of the diagram to iptables, command-line, and
discretionary access controls and perhaps ACLs it would be easier to
understand the request. Rather than think some specific source code needs
to be studied.

(Internet)
|
v
(Firewall)
|
v
(Permissions)
|
v
(Monitoring)
|
v
(Logging)


Someone jotted the above up, but it needs more branches to the tree, arrows
going to deny and actions, arrows going to accept and actions, and what
control module or system is working to operate the OS safely. Just more
detail conceptually, but like I said, not a charted outline of a whole program
then.

What can you guys come up with ? I don't have a degree in Linux, of course.

THX

patrick

unruh

Mar 15, 2013, 6:17:18 PM
But at best that is a flow chart of access control, not of security.
Where does the defense against buffer overflow attacks via competent
programming come in such a "flowchart". Where does the "each program
does one small thing so that it can be thoroughly tested" come in a
flowchart? etc. Security is not some process. Security is an attitude,
is a frame of mind of all writers who consider the security implications
of everything they write. It is open source coding so anyone can look
over the code to find the errors ("with enough eyes, all bugs are
shallow"). How do those things fit into a flowchart?

It is precisely the belief that security can be flowcharted, that it is
some one aspect of an OS, that leads to so many problems.
There may be aspects that can be, but it is so much more than that.

crankypuss

Mar 16, 2013, 4:30:54 AM
I can come up with the idea of letting you come up with it while I'm off
learning what I can.

patrick

Mar 21, 2013, 11:45:40 PM
On Sat, 16 Mar 2013 02:30:54 -0600, crankypuss wrote:

> I can come up with the idea of letting you come up with it while I'm off
> learning what I can.

I almost can do it from what I know but I don't want to make
any mistakes.

crankypuss

Mar 22, 2013, 7:04:01 AM
Mistakes are what backups and testing are for. If you're determined not
to make any mistakes, you might as well call it quits.

Minimize mistakes, sure; eliminate, never. If I was going to do
anything halfway esoteric with linux security the first thing I'd do
after getting a handle on the basics is set up a hacking configuration
and beat the bejesus out of it. In your case (whatever it is you're
actually looking at doing) you could publish your schematic on a website
(as the equivalent of a mini-RFC) and let people who actually know the
subject in-depth tell you where you're mistaken... people who know the
kind of thing you're talking about absolutely /love/ to criticize. <g>

From the little I know about it (and that's real little) the biggest
hole in linux security is proprietary drivers which run as part of the
kernel; if I needed anything that ran as a blob I'd start looking at how
to modify the kernel or drop the whole subject and go do something else,
subsistence farming maybe. The second biggest hole (I'd guess) is
probably the "simple fact" that administering linux is complex and small
details can have large effects, but there's little to be done about that
other than building tools to make administration more bulletproof by
making it easier (which is always hard).

"Good luck, sucker!" <G>

bad sector

Mar 22, 2013, 7:28:51 AM
On 03/14/2013 08:56 AM, Whiskers wrote:

> (Hint: "security" isn't a process, it's a culture).

yesss, it begins with debilitating paranoia and if you ever find the
word trust in the dictionary then you immediately know it's not a
security dictionary. That's why I crap myself laughing at expressions
like rings of trust


J G Miller

Mar 22, 2013, 12:13:37 PM
On Friday, March 22nd, 2013, at 05:04:01h -0600, Crankypuss declared:

> If you're determined not to make any mistakes,
> you might as well call it quits.
>
> Minimize mistakes, sure; eliminate, never.

QUOTE

But we did not achieve what we wished, and serious mistakes
were made in trying to do so.

We will get to the bottom of this, and I will take whatever
action is called for.

But in debating the past, we must not deny ourselves the
successes of the future.

UNQUOTE

40th President of the United States of America
Address Before a Joint Session of Congress on
the State of the Union
January 27th, 1987

unruh

Mar 22, 2013, 1:41:36 PM
You made a mistake already, in thinking that security can be captured in
a flowchart.

patrick

Mar 22, 2013, 3:48:56 PM
A flowchart or block diagram is a visual tool to explain or
illustrate something. Rather than read volumes of program
and policy data, a simple picture is employed to visualize the
event(s) taking place without tech overload of details getting
in the way. It really has no limits as to what it can be used
or applied to. Sometimes they are introductory to a science,
other times they are used to summarize a science, or perhaps just
show the step by step picture of some repeated procedure.

A picture is worth a thousand words.

I learned that in college.

Whiskers

Mar 22, 2013, 5:33:44 PM
I wonder what a picture of unwanted events not happening, would look like.

Richard Owlett

Mar 22, 2013, 9:18:29 PM
Whiskers wrote:

>
> I wonder what a picture of unwanted events not happening, would look like.
>

Mona Lisa not frowning ;/

[P.S. more serious than your first impression ;/

Martin

Mar 22, 2013, 10:06:00 PM
lol

quote by Linus Torvalds, Google Tech Talk on git, 2007, at position 27'44":

if you have ever done any security work and it did not involve a concept
of network of trust, it wasn't security work, it was [pause] masturbation.

Whiskers

Mar 22, 2013, 10:12:22 PM
Would make a good start to all those frantic newspaper reports about the
countless Linux systems running smoothly for years on end.

bad sector

Mar 22, 2013, 11:00:28 PM
Not being a sysop my needs and obligations are fairly insignificant.
Maybe he's talking about some specific aspect of security like
encryption. For my money security is about verifiably sterile computers
& procedures & thinking out of the box, and my first suspect is
invariably the security provider if there is one :-)


patrick

Mar 23, 2013, 2:14:14 AM
On Fri, 22 Mar 2013 21:33:44 +0000, Whiskers wrote:

> On 2013-03-22, patrick <no...@none.com> wrote:
>> On Fri, 22 Mar 2013 17:41:36 +0000, unruh wrote:
>>
>>> On 2013-03-22, patrick <no...@none.com> wrote:
>>>> On Sat, 16 Mar 2013 02:30:54 -0600, crankypuss wrote:
>>>>
>>>>> I can come up with the idea of letting you come up with it while I'm
>>>>> off learning what I can.
>>>>
>>>> I almost can do it from what I know but I don't want to make any
>>>> mistakes.
>>>
>>> You made a mistake already, in thinking that security can be captured
>>> in a flowchart.
>>
>> A flowchart or block diagram is a visual tool to explain or illustrate
>> something. Rather than read volumes of program and policy data, a
>> simple picture is employed to visualize the event(s) taking place
>> without tech overload of details getting in the way. It really has no
>> limits as to what it can be used or applied to. Sometimes they are
>> introductory to a science, other times they are used to summarize a
>> science, or perhaps just show the step by step picture of some repeated
>> procedure.
>>
>> A picture is worth a thousand words.
>>
>> I learned that in college.
>
> I wonder what a picture of unwanted events not happening, would look
> like.

Well if you guys who are more Linux tech minded than I am
weren't so lazy minded we could come up with something
concrete, even an outline of things represented in my previous
posts, to show them Windows guys, at least, that Linux, even
at the most basic pictorial level is a convincing secure system.

Don't be so averse to this. Work like I propose gets published in
professional mags sometimes. It could convince many using this
pictorial approach, rather than just a bunch of blarney and tech talk,
which they compare to a Windows virus program with 2 million virus
definitions which is supposed to work in real-time.

Forget about passwords, everybody has a password, how about a good
outline, not too deep, and I'll try to put the idea(s) into a 1 page
block diagram showing how strong Linux OS's are in process.

Exactly, events happening and not happening, and the picture tells why.

Aragorn

Mar 23, 2013, 4:13:57 AM
On Saturday 23 March 2013 07:14, patrick conveyed the following to
alt.os.linux...

> Well if you guys who are more Linux tech minded than I am
> weren't so lazy minded we could come up with something
> concrete, even an outline of things represented in my previous
> posts, to show them Windows guys, at least, that Linux, even
> at the most basic pictorial level is a convincing secure system.

I align myself with the other posters in their statement that one cannot
pour the concept of security in GNU/Linux into a comprehensible
flowchart - even if only because it's a multidimensional concept - but I
can point out a few major differences between GNU/Linux and - as what
you are referring to below - Microsoft Windows.

> Don't be so averse to this. Work like I propose gets published in
> professional mags sometimes. It could convince many using this
> pictorial approach, rather than just a bunch of blarney and tech talk,
> which they compare to a Windows virus program with 2 million virus
> definitions which is supposed to work in real-time.
>
> Forget about passwords, everybody has a password, how about a good
> outline, not too deep, and I'll try to put the idea(s) into a 1 page
> block diagram showing how strong Linux OS's are in process.

Some of the differences are that...:

° GNU/Linux is a UNIX-style operating system, and was thus designed
from the ground up as a multi-user platform. This means that
security is an essential component of the design itself.

By contrast, Microsoft Windows was designed as a graphical user
interface, memory extender and (later on) cooperative multi-tasker
for DOS, which itself was a single-user and single-tasking system.
Later on, Windows was ported to the NT kernel - itself based upon
the VMS kernel - but it was in essence a graft, since Windows was
never designed as a multi-user operating system or even with
networking support. Therefore, all of the security and networking
functionality was an ugly bolt-on afterthought, which hooked into
the NT kernel, but all in the form of bypassable layers.

In addition to this, Microsoft embraces the vision that a computer
is used only by one person at the time, and that this one person
would be the computer's administrator. This, together with the
focus on alleged user-friendliness - i.e. "let's not make things
too difficult for the end-user" - means that security is not and
never has been a priority for Microsoft.

----------

° In GNU/Linux (and other UNIX designs) nothing is executable unless
it resides on the filesystem and has execute permission for the user
trying to execute it.

By contrast, in Windows, things are executable if they have a
filename ending in a so-called "filename extension", meaning that
the last four characters of the filename must be something like
".com", ".exe", ".cmd", ".bat", and perhaps a few others. This
in itself means that an executable attachment to an e-mail can
get executed by Windows (and used to be executed by default in
Outlook Express).

----------

° In GNU/Linux and other UNIX-like operating systems, everything is
a stream of bytes to the kernel, and a file to userspace. And
every file is stored in an inode in a filesystem, and must at a
minimum have an owner, a primary group, and POSIX permissions (for
the owning user (u), the group (g) and all others (o)), all of
which are stored in the inode. This is a requirement that all
files must meet. Security and access can then be fine-grained to
a greater degree by way of ACLs ("access control lists").

By contrast, the only access control in Windows is provided for by
ACLs, but not every file necessarily has an ACL entry, because
Windows works equally well [*] with filesystems which do not support
ACLs, such as vfat (FAT32).

GNU/Linux also supports the mounting of vfat - which does not
support POSIX permissions any more than it would support ACLs -
but in UNIX systems, a vfat filesystem is mounted with virtual
permissions in the virtual filesystem layer, and these virtual
permissions are set in the VFS at mount time and cannot be changed
on a per-file basis, nor can they be changed for the whole vfat
filesystem without remounting it. (They will also not be saved
to the underlying FAT/vfat filesystem of course, because those
filesystems are not POSIX-compatible and thus have no way of storing
that information.)

----------

° Microsoft Windows allows every user to write to any and all
directories on any and all volumes available to the system with the
exception of those directories which have access restrictions via
ACLs.

In GNU/Linux, an unprivileged user can only write to their home
directory, to /tmp, /var/tmp, and - if applicable on the local
machine - to /var/spool/mail/$USERNAME. Everything else is off
limits to unprivileged user accounts. (Well, with the exception
of removable non-POSIX filesystems mounted with the UID of the
user him-/herself and with virtual permissions which allow
write access to said user.)

----------

° Microsoft Windows comes with every conceivable service in the system
listening on TCP/IP ports by default, and some of those services
access the internet without the consent of the user/administrator.
In fact, Windows is itself effectively spyware, because it sends
reports about your computer configuration and the software installed
on it to Microsoft every week. This is documented behavior, albeit
that it took Microsoft a while to admit to it and put a spin on it,
claiming that the data are only used "to improve your user
experience" and that "no personal data will be permanently
collected". All of this is just one of the many reasons why Windows
users need to enable a firewall.

In GNU/Linux, only the services which the system's administrator has
allowed to run at boot time (or has manually started) are actually
listening for network traffic. Every unsolicited network connection
attempt from the outside to a port which no service is listening on
is ignored by the kernel. Firewalling code is also part of the
kernel itself, and the userland firewall software for GNU/Linux is
only there to configure the firewall in the kernel via the iptables
framework.

----------

° Lastly - even though this list is probably not even complete - it
should also be mentioned that the non-NT versions of Windows - i.e.
everything up until and including Windows 95, 98 and ME, but
excluding Windows 2000 as that was NT-based - were running all
protected mode code in ring 0 of the processor, and thus there was
no privilege separation and no memory protection, plus that said
Windows versions did of course all run on top of MS-DOS, and that
as such the processor was constantly switching back and forth
between real mode and protected mode. Real mode has no memory
protection or privilege separation at all, because it's an 8086
emulation mode. This aspect was however of less importance with
regard to security than it was with regard to system stability.

(Note: i386 and later x86 processors do have a "virtual 86" mode,
which emulates the 8086 processor but does it from within protected
mode, which allows for kernel and userspace separation and for the
multitasking of "virtual 86" sessions (but without multitasking of
anything running inside of the virtual 86 session itself). x86-64
also still supports this, but only when the processor runs in legacy
mode, which means that it would be running a 32-bit operating
system. The x86-64-native 64-bit "long mode" does not support V86
anymore, so DOS emulators and the likes running inside a 64-bit OS
on x86-64 must make use of a virtual processor, emulated in
software via e.g. dosemu or Qemu. 64-bit versions of Windows have
completely dropped support for DOS applications.)


[*] For some values of "working well".

--
= Aragorn =

http://www.linuxcounter.net - registrant #223157
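As an added illustration of two of the points in the post above (the execute bit, not the file name, decides whether Linux will run a file, and owner, group and mode bits live in the inode), here is a small example script; it is not from the thread or any poster, and it assumes a Linux box with GNU coreutils `stat` and a temp directory that is not mounted noexec.

```shell
#!/bin/sh
# Added example, not from the thread. Shows that on Linux a file runs only
# if its inode carries an execute bit (a ".exe" name means nothing), and
# that owner, group and POSIX mode bits are read straight from the inode.
# Assumptions: GNU coreutils `stat` (-c format), temp dir not mounted noexec.

# Scratch directory for the demo; prints its path.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/permdemo.XXXXXX"
}

# Constructed sample: a shell script named like a Windows executable but
# with NO execute bit (mode 0644). Prints the path.
write_noexec_file() {
    f="$1/payload.exe"
    printf '#!/bin/sh\necho ran\n' > "$f"
    chmod 0644 "$f"
    printf '%s\n' "$f"
}

# Try to execute a path directly and print the resulting exit status.
# 126 means the kernel refused the exec (EACCES, no execute permission);
# 0 means it ran. The `|| rc=$?` form keeps this safe under `set -e`.
try_exec() {
    rc=0
    "$1" >/dev/null 2>&1 || rc=$?
    printf '%s\n' "$rc"
}

# POSIX mode bits (octal, e.g. 644) read from the inode.
mode_of() {
    stat -c '%a' "$1"
}

# Owning user and primary group from the inode, as "user:group".
owner_group_of() {
    stat -c '%U:%G' "$1"
}

# Which of the classic locations the current user can write to. A normal
# user on a stock system sees $HOME, /tmp and /var/tmp but not /etc or
# /usr/bin; root would see all of them.
writable_dirs() {
    for d in "$HOME" /tmp /var/tmp /etc /usr/bin; do
        [ -w "$d" ] && printf '%s\n' "$d"
    done
    return 0
}

# Walk-through for running the script by hand.
demo() {
    dir=$(make_workdir)
    f=$(write_noexec_file "$dir")
    echo "inode: mode $(mode_of "$f"), owner $(owner_group_of "$f")"
    echo "exec of payload.exe with mode 644 -> exit $(try_exec "$f")"
    chmod 0755 "$f"
    echo "exec of payload.exe with mode 755 -> exit $(try_exec "$f")"
    echo "directories writable by $(id -un):"
    writable_dirs
    rm -rf "$dir"
}

demo
```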

Martin

Mar 23, 2013, 6:06:19 AM
On 03/23/2013 04:00 AM, bad sector wrote:
> On 03/22/2013 10:06 PM, Martin wrote:
>> On 03/22/2013 12:28 PM, bad sector wrote:
>>> On 03/14/2013 08:56 AM, Whiskers wrote:
>>>
>>>> (Hint: "security" isn't a process, it's a culture).
>>>
>>> yesss, it begins with debilitating paranoia and if you ever find the
>>> word trust in the dictionary then you immediately know it's not a
>>> security dictionary. That's why I crap myself laughing at expressions
>>> like rings of trust
>>>
>> lol
>>
>> quote by Linus Torvalds, Google Tech Talk on git, 2007, at position
>> 27'44":
>>
>> if you have ever done any security work and it did not involve a concept
>> of network of trust, it wasn't security work, it was [pause]
>> masturbation.
>

> Maybe he's talking about some specific aspect of security like
> encryption.

He was talking about security in general when he needed a metaphor for
the merging process. It was basically a side note.

> For my money security is about verifiably sterile computers
> & procedures & thinking out of the box, and my first suspect is
> invariably the security provider if there is one :-)

Sure. But that setup is already an example of a network of trust, with
different levels of trust even: you trust yourself more than the other
provider. :p


cipher

Mar 23, 2013, 6:09:16 AM
On Sat, 23 Mar 2013 09:13:57 +0100, Aragorn Inscribed upon the Golden
Tablets of Usenet thusly:

> On Saturday 23 March 2013 07:14, patrick conveyed the following to
> alt.os.linux...
>
>> Well if you guys who are more Linux tech minded than I am weren't so
>> lazy minded we could come up with something concrete, even an outline
>> of things represented in my previous posts, to show them Windows guys,
>> at least, that Linux, even at the most basic pictorial level is a
>> convincing secure system.
>
> I align myself with the other posters in their statement that one cannot
> pour the concept of security in GNU/Linux into a comprehensible
> flowchart - even if only because it's a multidimensional concept - but I
> can point out a few major differences between GNU/Linux and - as what
> you are referring to below - Microsoft Windows.

<snippage of most excellent essay>

For more insight, the OP might have a read here:

http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/





--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
)\ ( ) /( Cipher/Proud Member, Netscum Alumni Association
)-(0^^0)-( Bungmunch U./AHM Memorial Institute of F@x0r1n6/Dean
)/ \\// \( Colonel/1st Virginia Volunteers/CeSium Brigade
(oo) Registered Linux User #556617
/ ~~ \ Empire of APDD/#6-5p07/VLNOC Cohort #1407
o@o o@o Keeper of the alt.CeSium FAQ
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

crankypuss

Mar 23, 2013, 7:12:41 AM
On 03/23/2013 12:14 AM, patrick wrote:
> On Fri, 22 Mar 2013 21:33:44 +0000, Whiskers wrote:
>
>> On 2013-03-22, patrick <no...@none.com> wrote:
>>> On Fri, 22 Mar 2013 17:41:36 +0000, unruh wrote:
>>>
>>>> On 2013-03-22, patrick <no...@none.com> wrote:
>>>>> On Sat, 16 Mar 2013 02:30:54 -0600, crankypuss wrote:
>>>>>
>>>>>> I can come up with the idea of letting you come up with it while I'm
>>>>>> off learning what I can.
>>>>>
>>>>> I almost can do it from what I know but I don't want to make any
>>>>> mistakes.
>>>>
>>>> You made a mistake already, in thinking that security can be captured
>>>> in a flowchart.
>>>
>>> A flowchart or block diagram is a visual tool to explain or illustrate
>>> something. Rather than read volumes of program and policy data, a
>>> simple picture is employed to visualize the event(s) taking place
>>> without tech overload of details getting in the way. It really has no
>>> limits as to what it can be used or applied to. Sometimes they are
>>> introductory to a science, other times they are used to summarize a
>>> science, or perhaps just show the step by step picture of some repeated
>>> procedure.
>>>
>>> A picture is worth a thousand words.
>>>
>>> I learned that in college.

What I learned in college is that reality trumps pictures every time.

>> I wonder what a picture of unwanted events not happening, would look
>> like.
>
> Well if you guys who are more Linux tech minded than I am
> weren't so lazy minded we could come up with something
> concrete,

Blame the victim, huh? Attempt to shame people into doing what you want
done? That's a pretty chickenshit approach and it says a lot about you
that you would even consider it. If the linux guys who know things you
don't are "lazy minded", then maybe you should apply your "energetic"
mind to something other than trying to get something for nothing through
playing some dumbassed morality card.

> even an outline of things represented in my previous
> posts, to show them Windows guys, at least, that Linux, even
> at the most basic pictorial level is a convincing secure system.

Who cares about "them Windows guys"? Let them remain in thrall to
Microsoft. Personally I don't like relying on the magic of wizards who
worship gold, I druther dig my own ditches.

Besides that, there are basically two kinds of "Windows guys", the kind
at Microsoft who already know what you want to preach and don't care
because what they care about is keeping secrets as a way of having power
over the wallets of others, and those outside of Microsoft who have no
information on which to base a rational comparison because Microsoft
intentionally minimizes it in order to maximize profit.

You are, imo, wasting your time, and attempting to waste our time.

> Don't be so averse to this. Work like I propose gets published in
> professional mags sometimes. It could convince many using this
> pictorial approach, rather than just a bunch of blarney and tech talk,
> which they compare to a Windows virus program with 2 million virus
> definitions which is supposed to work in real-time.

Those who can be convinced do not need to be convinced, it's basically
that simple. Finding that a virus scanner has been pre-installed on
Windows tells you everything you need to know. Virus scanners can not
identify a previously unknown virus. Somebody, and you hope it will
have been somebody else, is going to be the first victim of an
unidentified virus. The lengths Microsoft goes to in order to make sure
nobody steals their bags of proprietary kitchen trash pretty much
guarantees that recovering from that unidentified virus is going to cost
you a lot of time and effort.

You can keep putting effort into the "reinstall Windows" exercise, over
and over and over again, or choose to put some effort into learning
something different.

> Forget about passwords, everybody has a password,

Of all the stupid things you've said in this thread, that is perhaps the
stupidest of all. Passwords of-themselves are trivial or nearly so,
passwords are not the question; the questions are (a) how many ways can
a password be delivered to the system, (b) what does a correct password
buy you, and (c) how many bad guesses does the system deal with before
it cuts you off at the knees and identifies you to the administrator.

> how about a good
> outline, not too deep, and I'll try to put the idea(s) into a 1 page
> block diagram showing how strong Linux OS's are in process.
>
> Exactly, events happening and not happening, and the picture tells why.
>

Sorry, you have entered too many bad questions, and I am cutting you off
at the knees as an idiot troll.

crankypuss

Mar 23, 2013, 7:36:21 AM
In the security culture there is no such thing as paranoia because they
really are out to get you. The Murphy's Law of security is a lot like
the Murphy's Law of reliability: leave a window open and shit will come
through it, period, guaranteed, fact of life.

There really are such things as "rings of trust" but they are misnamed,
what they are is more "rings of ownership". At the outermost ring you
don't own anything, you are dealing with equals and there you are polite
and you follow convention. Once you have entered the next inner ring
you are on your own property, you can reasonably yell at others and
chase them away because they are trespassing in your domain. Once they
step into the next ring they are inside your home and you can go beyond
yelling at invaders to physically ejecting or even killing them.

The thing that makes these rings of empowerment into rings of trust (so
to speak) is who stands on whose ground and who holds the shotgun;
ownership provides control of power, and being a guest implies that you
trust your host.

crankypuss

Mar 23, 2013, 7:46:22 AM
Maybe Linus was speaking in terms of performance; kernel code runs too
many times to perform extensive validity checking against everything;
while the system/user interface level can be unstintingly rigid in the
validity checking they perform, each successively inner layer must
either trust that it is receiving valid parameters, pay the performance
price of re-validation, or crumble into unreliability. Trust circles
are basically the same concept as putting frequently used code into
libraries, only turned inside-out.

bad sector

Mar 23, 2013, 7:59:27 AM
On 03/23/2013 07:36 AM, crankypuss wrote:
> On 03/22/2013 05:28 AM, bad sector wrote:
>> On 03/14/2013 08:56 AM, Whiskers wrote:
>>
>>> (Hint: "security" isn't a process, it's a culture).
>>
>> yesss, it begins with debilitating paranoia and if you ever find the
>> word trust in the dictionary then you immediately know it's not a
>> security dictionary. That's why I crap myself laughing at expressions
>> like rings of trust
>>
>
> In the security culture there is no such thing as paranoia because they
> really are out to get you. The Murphy's Law of security is a lot like
> the Murphy's Law of reliability: leave a window open and shit will come
> through it, period, guaranteed, fact of life.

No contest there

> There really are such things as "rings of trust" but they are misnamed,
> what they are is more "rings of ownership". At the outermost ring you
> don't own anything, you are dealing with equals and there you are polite
> and you follow convention. Once you have entered the next inner ring
> you are on your own property, you can reasonably yell at others and
> chase them away because they are trespassing in your domain. Once they
> step into the next ring they are inside your home and you can go beyond
> yelling at invaders to physically ejecting or even killing them.
>
> The thing that makes these rings of empowerment into rings of trust (so
> to speak) is who stands on whose ground and who holds the shotgun;
> ownership provides control of power, and being a guest implies that you
> trust your host.

As so often is the case we're not talking about the same things. I'm
neither a sysop nor 'even' a dev. :-)

Although I have done a good bit of Perl and Amiga basic back in another
life what computer security is to me is rudimentary and revolves around
fire axe approaches protecting mostly personal data. Basically what
isn't there cannot be exploited, there being little else to ponder.


J G Miller

Mar 23, 2013, 9:25:41 AM
On Saturday, March 23rd, 2013, at 05:36:21h -0600, Cranky Puss explained:

> In the security culture there is no such thing as paranoia because they
> really are out to get you.

As was clearly proven just days ago.

<http://www.linuxandlife.COM/2013/03/linux-wiper-malware-used-in-s-korean.html>

And here is a good reason why one should answer the telephone at home.

<http://arstechnica.COM/security/2013/03/security-reporter-tells-ars-about-hacked-911-call-that-sent-swat-team-to-his-house/>

Patrick

Mar 28, 2013, 3:59:58 PM
On Sat, 23 Mar 2013 05:12:41 -0600, crankypuss wrote:

> Sorry, you have entered too many bad questions, and I am cutting you off
> at the knees as an idiot troll.

That's OK, some excellent info was rec'd anyway.

Still working on the best way to do this. As my previous flowcharts
were generally considered quite excellent with a lot of utility.

If I had a diagram of a baseball diamond, and the ball was hit to third base
with a runner on first. The first runner was thrown out at second, but the
batter reached first safe. So if I could create a diagram of DACs working
similarly I'd be happy someday. Not a lot of time this week. Oh well.

thanks for the responses.

patrick

bad sector

Apr 6, 2013, 11:55:08 PM
On 03/23/2013 06:06 AM, Martin wrote:

> Sure. But that setup is already an example of a network of trust, with
> different levels of trust even: you trust yourself more than the other
> provider. :p

Touché, I'll have to work on not trusting myself even :-)
