
Err. All operating systems suffer from that problem.



No. Systems that rely on encrypted and signed credentials to perform login theoretically do not suffer from that problem: case in point, the Windows SAM had hashes that seem to preclude, if limited to NTLM, decryption save for brute-forcing, which itself is curtailed by salting the hashes — but if those hashes are removed by offline editing of the SAM, the system allowed access. A system that did not allow removing the hashes because the file system is encrypted and/or because signing made the tampering visible (itself evaluated by TPM-style verification) would be conceptually not vulnerable to this line of attack (implementation flaws notwithstanding).


Windows has support for full-disk encryption using a passphrase or physical key. It also supports Secure Boot.

I don't see what that has to do with multi-user systems though. If your argument is that we could have the Secure Boot system ask for the passphrase and tie the entire box to a single user... then you're missing out on most of the current point of multi-user systems.

The first is that many companies actually do have multiple people using the same machines. Not at the same time, but at different times. This needs auditing - i.e. a multi-user system.

The second is, again, auditing - when a system administrator runs a command on a system remotely, they do it as their own user.

The third is security (combined with auditing) - various service processes get run in different user contexts so that they can't mess with the user's stuff unless they're allowed to, and they have their own user ID that anything they do happens under.

Operating systems aren't built for home users, they're built for companies, in almost all cases, and stripping out the multi-user framework would change the OS to be unrecognisable. Just stripping out the authentication part doesn't buy you much complexity reduction either.


I must have expressed myself unclearly.

(First though: Windows now supports full disk encryption and secure boot. It certainly did not when I and it parted ways back in the days of XP SP1 circa 2002.)

I was not implying that the secure pass phrase/secure boot/etc be considered the basis for a secure mobile OS. Much the contrary. Multi-user systems with privilege hierarchies are fundamental aspects of how we now architect even our single-user devices. (Discussing whether another system is possible, desirable, and/or whether we could have or will eventually go down that route is midway between hypothetical and counter-factual.)


We were talking of actual single user systems in practice: tablets, smartphones and similar are usually single user devices, and even in corporate environments many laptops are used as desktop replacements by single employees...


You mentioned PCs originally, hence the confusion.

In any case, I believe Android uses the multi-user features of Linux as a security mechanism (and building a new kernel from scratch might not have led to Android being a major player - ARM companies already knew how to write device drivers for Linux), although it could reasonably use an object-capability system under a more focused kernel.


Never mind that even today it is way down the list of probable attack scenarios for most personal computers.
