Date: Thu, 14 Jan 2016 09:00:39 -0800
From: Hubbard Jordan <jkh@ixsystems.com>
To: Mark Heily <mark@heily.com>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: relaunchd: a portable clone of launchd
Message-ID: <627C5AFF-6757-404D-AF6B-A27ECF19B555@ixsystems.com>
In-Reply-To: <CAGfo=8mQ3xRck_sGr+0g+9mfD8bPSauMoPK-qk-ns3-qzbtn7A@mail.gmail.com>
References: <5687D3A9.5050400@NTLWorld.com> <CAGfo=8kXzNVKy9gx0jkME4iRRyrgrsfpPnW3nYrZC0gysapPcg@mail.gmail.com> <817860B6-5D67-41A3-ADD7-9757C7E67C35@gmail.com> <alpine.BSF.2.20.1601081020270.34827@nog2.angryox.com> <07D83705-D89F-4125-B57B-920EDEBC8A85@rdsor.ro> <70975696-3E07-48B9-BFD1-3C2F51E715BB@icloud.com> <E85C42D4-963B-4632-9182-E591A80D1306@rdsor.ro> <76E6AF2A-917B-41EB-883A-C27AB2BB9F71@ixsystems.com> <20160112125948.GH3625@kib.kiev.ua> <1D6BDF3C-28E7-40C4-A8A2-3A914A3CC76B@ixsystems.com> <CAGfo=8mBhCPUH8cxmo2z_GDUfknojSnyUTyBC6Wzk=BR=oA+ig@mail.gmail.com> <66E766F4-66D5-41E1-B6E7-18E218B3711F@ixsystems.com> <CAGfo=8mQ3xRck_sGr+0g+9mfD8bPSauMoPK-qk-ns3-qzbtn7A@mail.gmail.com>
> On Jan 14, 2016, at 5:40 AM, Mark Heily <mark@heily.com> wrote:
>
>
> Do you have any specific examples of how an "extensible security
> trailer" would be used?

securityd in OS X and how it’s part of the cryptographically signed binary authentication mechanism (where only executables with specific signatures can talk to other trusted services). You have to have an un-spoofable and controllable startup process without race conditions in the filesystem to do that kind of trusted IPC in a way that’s “unbreakable enough” to base the rest of your security architecture on it. Again, I cannot give you direct experience with one of the oldest and most widely deployed Mach IPC-based technologies in the world today, that’s something you have to get for yourself.

> Even better, can you demonstrate that Mach is
> the only way to implement this concept?

Of course it’s not the *only* way (one could arguably just redesign something very similar to Mach but not Mach) but again, Mach IPC already exists. Today. It’s been tested and vetted for years. Any new solution would have to go through the same process, and I certainly don’t see the win (or wisdom) of doing something like that.

> I'm disappointed that you would resort to this level of ad-hominem
> attack.

If you think that was an ad-hominem attack, you clearly have never actually experienced one. :) I made no comments whatsoever about your character, as an ad-hominem attack would require, but specifically said that your arguments went to such lengths to dismiss Mach IPC as a technology that it was like arguing with someone with such a strong bias for some other technology (my analogy being programming languages) that arguing was pointless, and I stand by that assertion since it so very clearly is that, pointless.

You are absolutely *determined* to rewrite things that already exist, and that’s not “an ad-hominem attack” but a simple observation of the facts, Mark! I’ve been telling you that for some time, and your answers have always consistently added up to “but I don’t like those technologies, so I’m going to do my own!” and that’s FINE, it’s absolutely something you are totally free to do, but when you go further and try to paint your highly subjective preferences as somehow objectively “better”, I get annoyed because unlike you, I can objectively point to a multi-year track record for the technologies I’m championing and also make the rather unassailable observation they already exist and have had their security attack surfaces vetted by literally a cast of thousands, if not millions. Those are objective truths, not subjective opinion.

You’re not changing my mind and I’m obviously not changing yours, however, so I think there would be nothing “ad-hominem” about stating that this discussion in Hackers has probably ceased to be interesting or enlightening to anyone, though perhaps we’ve sold some popcorn.

- Jordan