particle systems – seminary talk

Wednesday, June 10th, 2009

Today it was my turn to hold a talk at a uni seminar called “How to make a PIXAR movie“. The seminary was about the basics in various subjects of computer graphics. For the talk I have prepared a little particle engine written in Java and OpenGL to demonstrate the influence of some common factors. I don’t have time to clear up the sourcecode right now, but I’ll upload it here soon. For now, my slides will have to do:

slides (.pdf, 895KB, german)

thoughts about user space security

Sunday, April 19th, 2009

As a first real post in here, I’ve got something that has had me thinking for a while.

With most operating systems if you talk security you generally mean the possibility of malicious code breaching either the barrier from external to user space or the next step from user space to system.

While these two barriers are perfectly all right for server systems where only once in a while a real user is doing work in an interactive session, the picture is completely different in the desktop area.

If you are setting up a server properly you make decisions about which program is allowed to do what and you have code in place to enforce such limitations. You will hardly ever run any code that you don’t fully trust.

On a desktop in contrast you generally have a very limited set of users (<2 on average) per machine who want to see as little as possible about any security stuff. Therefore most desktop software (considering anything from windows, kde, gnome, …) only makes sure that no code in the userspace is run by accident or against the users will, and that if such code is run, it has no way to modify essential parts of the system. But what any user space code (be it malicious or not) can do is to interfere with the users personal files. In the linux/unix environment this applies to the entire home folder with settings for many applications but most importantly private files such as photos, documents, …

Although Windows doesn’t store these settings directly in something like the home folder (which is already a lot more intelligent than the linux way of mixing settings and personal files) it also doesn’t really limit what an application run by user X can do with files belonging to user X.

This basically means any application that is launched by the user can delete all his personal files without the operating system ever complaining!

I think additionally to the current approach of keeping “bad” code from being executed, it is also necessary to limit any damage that could result in running the code.

This leads me to my idea of

Fractional user space rights management

  • Each user has one folder for personal files and working data and one for settings these should be distinct!
    Foreign settings are considered personal files for any other application.
  • Per default only the filemanager (Explorer, Nautilus, …) should have access to all of the files in the home folder
  • each application has its own folder in the settings, there could also be folders for groups of applications that share settings
    In this folder only the application has rights to read and write. (with exception of user authorized actions or the filemanager)
  • If an application wants to access personal files it needs to have the rights to access them. This right doesn’t come per default.
    To acquire such rights, an application has several choices:

    • show an open dialog provided by the operating system, choosing a file or directory there automatically grants the rights
      the same would happen if an application is launched through the filemanager
    • ask the user to define exceptions for this program or check for such (e.g. an image viewer should have read access to all personal files)
    • for convenience I would add a command that can grant rights for console applications. This would be a bit similar to “sudo” e.g.:
      homedo┬╣ rw * command

      would launch ‘command’ with read/write access for all files in the current working directory after asking for authorization
      similar to gksudo there could of course also be an interactive version of this.

  • For convenience, there could be a “relaxed” mode to limit the number of authorizations needed this mode would only limit write access but allow any read access to happen

Of course I know that this idea is rather revolutionary and that there are quite a few spots where it is rather vague (especially backend implementation and restriction enforcement). The biggest obstacle is probably not on the technical side but rather communication the need for such a system to the user and making it as transparent as possible. I think there are quite a few people who have already disabled windows vistas security system called “UAC” (I even know one computer science student who has done it, but I’m not gonna put down that name here *g*)

Ok I guess I should leave it at that, quite a lot of text for a first post ;)

┬╣ give credit where credit is due, Maxi ( came up with that command is coming back

Saturday, April 18th, 2009

Nothing much Nothing at all has happened here since I left for my trip to Australia in summer 2006. I finally came round to start building a new site which I intend to maintain a little more. This is the second attempt to revive this project of mine, let’s see how it goes ….

Stay tuned.. or maybe dont