From: frantz@netcom.com (Bill Frantz)
Date: Sun, 17 Nov 1996 16:18:36 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: ideal secure personal computer system
Message-ID: <199611180018.QAA10981@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:24 AM 11/16/96 -0600, Igor Chudov @ home wrote:
>Bill Frantz wrote:
>> Protection against strangers walking up to your machine and using it is
>> nice, and easy to do.  Protection against viruses which install Trojan
>> horses in your system would also be nice, but is very hard to do in systems
>> where programs run with all the privileges of their users.  Examples
>> include (in alpha order): DOS, MacOS, Unix, and Windows (including NT).
>
>I wonder what are the operating systems where programs may be run with
>_less_ privileges than the user who starts them? Is VMS one of such 
>systems?

Ah, you touch on 20+ years of my professional life.  KeyKOS is such a
system as is EROS, a similar system being developed at University of
Pennsylvania.  See:

http://www.cis.upenn.edu:80/~eros/
http://www.cis.upenn.edu/~KeyKOS/
http://www.agorics.com/agorics/allkey.html - For KeyKOS documentation.

In general these systems provide an execution environment where programs
only have access to the resources they need.  Think of it as a Unix chroot
jail which is specifically designed for each program.  Then add controlled
communication links back to the user's terminal and you get the idea. 
Unless a program has a need to write the system file, it won't have the
privilege, even if it's user does have the privilege.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA