P. Christeas wrote:
> Just my humble opinion on this:
>
> - One reason Unix security model is still around is that it is simple. ACLs and such need more administration and are more likely to be configured wrong.

That is absolutely true. Plus it is much easier to see who has what permissions in the Unix model. It gets even worse with ACLs when you have SMB share permissions as well. You can't tell very easily what the effective permissions are for each user.

> Unix, on the other hand, is compulsory (you *have* to set the permissions everywhere) and simple. In modern kernels (I use 2.6) you can also have more detailed permissions (ACLs, capabilities etc.) but they don't seem to be popular.
>
> 2. Wine now runs in userspace, needing no privileges to operate. That's great because it protects itself both from bad win32 apps and bugs Wine may have. If it needed to obtain more system power, it would have to be in rootland. I wouldn't feel comfortable knowing that a win32 app runs on my system with some kind of root privileges.

I don't feel comfortable running any non-essential programs as root or Administrator. I certainly don't run Internet Explorer or Outlook as Administrator. However, I think Wine will have the capability to host Windows services in the near future and they may need to be run as root.

> - There is a certain tradeoff between letting those permission-hungry apps (I recently came across an app that wanted to form its own ICMP packets) and being secure.

That is exactly the situation SELinux is suited for. It has an even finer grained control of privileges than Windows and would allow you to grant the user a limited set of "root" privileges that are needed for it to complete its task without giving the user the ability to write to '/'.

> IMHO restricting userspace apps is one reason Unix is secure (e.g. no programmer will try to write an app that stores its data at '/' catalog, win apps may require write to 'C:' or 'C:\windows').

No programs that write to 'C:' or 'C:\Windows' would be installed by me on my own machine or on the company networks I have worked on. No programmer on Unix or Windows (in this day and age) should assume that it can write anywhere but the user's home directory. From a security model perspective Unix and Windows NT have the same level of security. Where they differ in security is that Windows tends to have so much more code exposed to potential attackers compared to most Unix systems.

I prefer being secure.
Rob
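An added example, not part of the thread above and not code from either poster: a small Python model of the classic Unix mode check next to the POSIX.1e ACL access check (entries evaluated in the order Linux's posix_acl_permission() uses, with the ACL_MASK cap), illustrating Rob's point that effective permissions stop being easy to read off once ACL entries are involved. The users, group ids, file mode and ACL entries are constructed sample data.

```python
# Added example: Unix mode check vs. POSIX.1e ACL check (constructed data).
from dataclasses import dataclass, field, replace
from typing import Callable, Dict, FrozenSet, Optional

R, W, X = 4, 2, 1


@dataclass(frozen=True)
class User:
    uid: int
    gid: int                                    # primary group
    groups: FrozenSet[int] = frozenset()        # supplementary groups


@dataclass(frozen=True)
class Acl:
    user_obj: int                               # ACL_USER_OBJ: the owner's bits
    group_obj: int                              # ACL_GROUP_OBJ: the owning group's bits
    other: int                                  # ACL_OTHER: everyone else
    users: Dict[int, int] = field(default_factory=dict)   # ACL_USER entries, uid -> bits
    groups: Dict[int, int] = field(default_factory=dict)  # ACL_GROUP entries, gid -> bits
    mask: Optional[int] = None                  # ACL_MASK: caps every entry except owner and other


def unix_permits(mode: int, owner_uid: int, owner_gid: int, user: User, want: int) -> bool:
    """Classic Unix check: the first matching class (owner, group, other) decides alone."""
    if user.uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid == user.gid or owner_gid in user.groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want


def acl_permits(acl: Acl, owner_uid: int, owner_gid: int, user: User, want: int) -> bool:
    """POSIX.1e access check, entries in the order Linux's posix_acl_permission() walks them."""
    mask = 7 if acl.mask is None else acl.mask
    if user.uid == owner_uid:                           # owner entry is never masked
        return (acl.user_obj & want) == want
    if user.uid in acl.users:                           # named user entry, masked
        return (acl.users[user.uid] & mask & want) == want
    gids = {user.gid} | set(user.groups)
    matched = False
    # owning group first, then named groups: the first entry that holds every
    # requested bit is chosen, and only that entry is then checked against the mask
    for gid, bits in [(owner_gid, acl.group_obj), *acl.groups.items()]:
        if gid in gids:
            matched = True
            if (bits & want) == want:
                return (bits & mask & want) == want
    if matched:                                         # a group matched but no entry held all bits
        return False
    return (acl.other & want) == want


def effective_bits(check: Callable[[int], bool]) -> str:
    """Probe r, w and x one at a time, the way a listing such as getfacl summarises them."""
    return "".join(c if check(b) else "-" for c, b in (("r", R), ("w", W), ("x", X)))


# constructed sample: a report owned by alice:staff, mode 0640, plus two ACL entries
ALICE, BOB, DAVE = 1000, 1001, 1003
STAFF, OPS, GUESTS = 100, 200, 300
MODE = 0o640
BOB_USER = User(BOB, GUESTS)                                  # no group in common with the file
DAVE_USER = User(DAVE, GUESTS, frozenset({STAFF, OPS}))       # member of both staff and ops
ACL = Acl(user_obj=R | W, group_obj=R, other=0, users={BOB: R | W}, groups={OPS: W})
ACL_MASKED = replace(ACL, mask=R)                             # e.g. after a chmod g-w on the file


def summary(acl: Acl, user: User) -> dict:
    """Effective bits under the plain mode, under the ACL, and whether a read-write open succeeds."""
    return {
        "unix": effective_bits(lambda b: unix_permits(MODE, ALICE, STAFF, user, b)),
        "acl": effective_bits(lambda b: acl_permits(acl, ALICE, STAFF, user, b)),
        "acl_rw": acl_permits(acl, ALICE, STAFF, user, R | W),
    }


if __name__ == "__main__":
    for name, u in (("bob", BOB_USER), ("dave", DAVE_USER)):
        print(name, "no mask:", summary(ACL, u), "mask r--:", summary(ACL_MASKED, u))
```

Two things the plain mode bits never produce show up here. Bob's named entry says rw-, but once the mask is r-- his effective access is r-- (the "#effective:" column getfacl prints), so the entry you read is not the access you get. Dave is in both staff and ops: probed one bit at a time he can read and can write, yet a read-write open is denied, because no single group entry holds both bits and POSIX ACLs do not combine matching group entries. Neither case is visible from the entry list alone, which is the administration cost the thread is talking about.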