Re: You're much mistaken

Post #133,435 by deSitter 1/3/04 9:28:42 PM Reply	Re: You're much mistaken As I said, this is done with the glommed-on idea of access tokens - it's not a hierarchy of processes as in UNIX. I don't consider the former to be multi-user, and neither do OS theorists. -drl
Post #133,511 by Arkadiy 1/4/04 12:14:02 PM Reply	What does hiererchy of processes have to do with it? And, btw, you can emulate hierarchy with process groups. Not nice, but possible. -- "It\ufffds possible to build a reasonably prosperous society that invests in its people, doesn\ufffdt invade its neighbors, opposes Israel and stands up to America. (Just look at France.)" -- James Lileks
Post #133,516 by deSitter 1/4/04 12:54:51 PM Reply	Re: What does hiererchy of processes have to do with it? Because it guarantees that a process will have a determinate user context. As you know, there are floating "NT_AUTHORITY" and "SYSTEM" contexts in NT that are only there so legacy code can run. Plus, there is no simple way to isolate everything executing in a given context in NT - you have to slog through all the processes and get their access tokens. NT was deliberately not built with a determinate user context so that legacy code would run. Eric Raymond wrote a FAQ about UNIX programming, I think he talks about it in there. He points out that because of all the compromises related to legacy code, NT become practically impossible to make secure. The boundaries are "too porous" as he put it. In a real multi-user system, the user context is always known and determinate. To give a practical example, suppose I want to immediately remove a user from a UNIX system. I remove his login, find his top-level processes and terminate them, and he's gone. In NT, you make a change to the user database, this has to propagate everywhere, his processes still run until they quit. Because there is no determinate user context, he fades away. -drl
Post #133,578 by Arkadiy 1/4/04 8:42:31 PM Reply	I am not sure what NT_AUTHORITY is But System is a very definite context. It has all rights of Adminstartor account on a local machine and no rights on the network. It has no user name/password associated with it, so users cannot log in on it. Legacy is indeed a major problem for Windows, but it's mostly in GUI and SMB code. Avoid both, and you should be OK. On single NT or Unix machine, you remove the user the same way: disable login and terminate processes. It's immaterial whether you jave to kill all processes or "top-level" processes: in practice, in Unix and NT you keep killing till there is nothing to kill. And yes, NT knows who started the processes. On multi-machine installations, such as NIS or NT Domain, you disable the user in the central database and it may or may not have to propagate. Apples to apples, please. -- "It\ufffds possible to build a reasonably prosperous society that invests in its people, doesn\ufffdt invade its neighbors, opposes Israel and stands up to America. (Just look at France.)" -- James Lileks
Post #133,620 by FuManChu 1/5/04 1:55:07 AM Reply	Except: But System is a very definite context. It has all rights of Adminstrator account on a local machine and no rights on the network. It has no user name/password associated with it, so users cannot log in on it. That's not the same thing as saying users can't execute code under its authority. Just run a service as System. I was one of the original authors of VB, and I wouldn't use VB for a text processing program. :-) Michael Geary, on comp.lang.python
Post #133,630 by Arkadiy 1/5/04 7:18:30 AM Reply	RIght you are -- "It\ufffds possible to build a reasonably prosperous society that invests in its people, doesn\ufffdt invade its neighbors, opposes Israel and stands up to America. (Just look at France.)" -- James Lileks
Post #133,631 by pwhysall 1/5/04 7:20:06 AM Reply	Bottom line If you can start a service, you can start it as System. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]

Welcome to IWETHEY!