From owner-freebsd-hackers@freebsd.org Thu Jan 14 17:00:42 2016 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 57FE8A81B43 for ; Thu, 14 Jan 2016 17:00:42 +0000 (UTC) (envelope-from jkh@ixsystems.com) Received: from barracuda.ixsystems.com (mail.ixsystems.com [69.198.165.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.ixsystems.com", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3876F1B11 for ; Thu, 14 Jan 2016 17:00:41 +0000 (UTC) (envelope-from jkh@ixsystems.com) X-ASG-Debug-ID: 1452790840-08ca042abd561880001-P5m3U7 Received: from mail.iXsystems.com ([10.2.55.1]) by barracuda.ixsystems.com with ESMTP id JiwehFykdnRAueoy (version=TLSv1 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Thu, 14 Jan 2016 09:00:40 -0800 (PST) X-Barracuda-Envelope-From: jkh@ixsystems.com X-Barracuda-RBL-Trusted-Forwarder: 10.2.55.1 X-ASG-Whitelist: Client Received: from [10.8.0.50] (unknown [10.8.0.50]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.iXsystems.com (Postfix) with ESMTPSA id 8508DA2095; Thu, 14 Jan 2016 09:00:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ixsystems.com; s=newknight0; t=1452790840; bh=WZyFU1n9ejIjfOKUZ9zwjDrLmIbqZtRIUMsSLUmOo74=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=IufKSlPHC+F3RQA/Gwo+g3fg+BmIrmgLUI/TI06qyDokaA37WX1Hebmz167GzphjT xKhYn7w49ApF9jc+hs/V6pvvHez65OLnUJ2l/UAGGt/4Pg+qf6sSILgKNTmyjpziCf oSm0IdaarJbzCeWTA7L694AoBdlcLV4RppT50s8Q= Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3117\)) Subject: Re: relaunchd: a portable clone of launchd From: Hubbard Jordan X-ASG-Orig-Subj: Re: relaunchd: a portable clone of launchd In-Reply-To: Date: Thu, 14 Jan 2016 09:00:39 -0800 Cc: FreeBSD Hackers Content-Transfer-Encoding: quoted-printable Message-Id: <627C5AFF-6757-404D-AF6B-A27ECF19B555@ixsystems.com> References: <5687D3A9.5050400@NTLWorld.com> <817860B6-5D67-41A3-ADD7-9757C7E67C35@gmail.com> <07D83705-D89F-4125-B57B-920EDEBC8A85@rdsor.ro> <70975696-3E07-48B9-BFD1-3C2F51E715BB@icloud.com> <76E6AF2A-917B-41EB-883A-C27AB2BB9F71@ixsystems.com> <20160112125948.GH3625@kib.kiev.ua> <1D6BDF3C-28E7-40C4-A8A2-3A914A3CC76B@ixsystems.com> <66E766F4-66D5-41E1-B6E7-18E218B3711F@ixsystems.com> To: Mark Heily X-Mailer: Apple Mail (2.3117) X-Barracuda-Connect: UNKNOWN[10.2.55.1] X-Barracuda-Start-Time: 1452790840 X-Barracuda-Encrypted: DHE-RSA-CAMELLIA256-SHA X-Barracuda-URL: https://10.2.0.41:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at ixsystems.com X-Barracuda-BRTS-Status: 1 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2016 17:00:42 -0000 > On Jan 14, 2016, at 5:40 AM, Mark Heily wrote: >=20 >=20 > Do you have any specific examples of how an "extensible security > trailer" would be used? securityd in OS X and how it=E2=80=99s part of the cryptographically = signed binary authentication mechanism (where only executables with = specific signatures can talk to other trusted services). You have to = have an un-spoofable and controllable startup process without race = conditions in the filesystem to do that kind of trusted IPC in a way = that=E2=80=99s =E2=80=9Cunbreakable enough=E2=80=9D to base the rest of = your security architecture on it. Again, I cannot give you direct experience with one of the oldest and = most widely deployed Mach IPC-based technologies in the world today, = that=E2=80=99s something you have to get for yourself. > Even better, can you demonstrate that Mach is > the only way to implement this concept? Of course it=E2=80=99s not the *only* way (one could arguably just = redesign something very similar to Mach but not Mach) but again, Mach = IPC already exists. Today. It=E2=80=99s been tested and vetted for = years. Any new solution would have to go through the same process, and = I certainly don=E2=80=99t see the win (or wisdom) of doing something = like that. > I'm disappointed that you would resort to this level of ad-hominem > attack. If you think that was an ad-hominem attack, you clearly have never = actually experienced one. :) I made no comments whatsoever about your = character, as an ad-hominem attack would require, but specifically said = that your arguments went to such lengths to dismiss Mach IPC as a = technology that it was like arguing with someone with such a strong bias = for some other technology (my analogy being programming languages) that = arguing was pointless, and I stand by that assertion since it so very = clearly is that, pointless. You are absolutely *determined* to rewrite things that already exist, = and that=E2=80=99s not =E2=80=9Can ad-hominem attack=E2=80=9D but a = simple observation of the facts, Mark! I=E2=80=99ve been telling you = that for some time, and your answers have always consistently added up = to =E2=80=9Cbut I don=E2=80=99t like those technologies, so I=E2=80=99m = going to do my own!=E2=80=9D and that=E2=80=99s FINE, it=E2=80=99s = absolutely something you are totally free to do, but when you go further = and try to paint your highly subjective preferences as somehow = objectively =E2=80=9Cbetter=E2=80=9D, I get annoyed because unlike you, = I can objectively point to a multi-year track record for the = technologies I=E2=80=99m championing and also make the rather = unassailable observation they already exist and have had their security = attack surfaces vetted by literally a cast of thousands, if not = millions. Those are objective truths, not subjective opinion. You=E2=80=99re not changing my mind and I=E2=80=99m obviously not = changing yours, however, so I think there would be nothing = =E2=80=9Cad-hominem=E2=80=9D about stating that this discussion in = Hackers has probably ceased to be interesting or enlightening to anyone, = though perhaps we=E2=80=99ve sold some popcorn. - Jordan