ReactOS security

Here you can discuss ReactOS related topics.

Moderator: Moderator Team

HUMA2000
Posts: 235
Joined: Sat Nov 27, 2004 1:06 pm
Location: España, al sur con el solecito
Contact:

ReactOS security

Post by HUMA2000 » Wed Jan 26, 2005 6:26 pm

I wanna know how the security will be implemented on ROS, will it be like a unix or windows system (based on root or non-root accounts)?? or will be another way??, maybe like eros??

Dr. Fred
Developer
Posts: 607
Joined: Wed Dec 22, 2004 10:09 pm
Location: Amsterdam

Re: ReactOS security

Post by Dr. Fred » Wed Jan 26, 2005 9:30 pm

HUMA2000 wrote:I wanna know how the security will be implemented on ROS, will it be like a unix or windows system (based on root or non-root accounts)?
The fact is that we can't do like in *nix, because Ms never forced developers to make thier software non-root/admin proofed. The normal windows user would not understand why Ros, does not let him use all software we wants.

I don't know eros, but maybe it can be done like this: The user is asked to enter the admin pass when a program tries to do think that the current user is not allow to (insteed of the "you don't have the rights to do that"-prompt) :?:
Where do you want ReactOS to go today ?

HUMA2000
Posts: 235
Joined: Sat Nov 27, 2004 1:06 pm
Location: España, al sur con el solecito
Contact:

Post by HUMA2000 » Wed Jan 26, 2005 9:37 pm

Another solution is use one similar to erosOS, but i don't know is is good engouth and if it can be used... only wanna know the devs ideas ;)

anarcap
Posts: 4
Joined: Fri Jan 07, 2005 12:38 am
Location: Toronto

Re: ReactOS security

Post by anarcap » Wed Jan 26, 2005 10:20 pm

Dr. Fred wrote: The fact is that we can't do like in *nix, because Ms never forced developers to make thier software non-root/admin proofed. The normal windows user would not understand why Ros, does not let him use all software we wants.

I don't know eros, but maybe it can be done like this: The user is asked to enter the admin pass when a program tries to do think that the current user is not allow to (insteed of the "you don't have the rights to do that"-prompt) :?:
WinNT, Win2K and XP all have different user levels similiar to *nix (at least superficially, I don't know the internals of how it worked).

On XP Home, you start off as the admin user, but then you can create new users with lower access levels. I doubt that anyone actually does this, and instead leaves all the users as admin, but the option is there.

Dr. Fred
Developer
Posts: 607
Joined: Wed Dec 22, 2004 10:09 pm
Location: Amsterdam

Re: ReactOS security

Post by Dr. Fred » Wed Jan 26, 2005 10:34 pm

There is a wiki page about this. I read it a while ago.
anarcap wrote:On XP Home, you start off as the admin user, but then you can create new users with lower access levels. I doubt that anyone actually does this, and instead leaves all the users as admin, but the option is there.
Yes the option is there. And there are web sides offering tricks for using windows as normal user. But I've heard that you can get carzy if you do that to long.
Where do you want ReactOS to go today ?

frik85
Developer
Posts: 829
Joined: Fri Nov 26, 2004 7:48 pm
Location: Austria, Europe
Contact:

Re: ReactOS security

Post by frik85 » Wed Jan 26, 2005 10:42 pm

Dr. Fred wrote:There is a wiki page about this. I read it a while ago.
:arrow: http://mok.lvcm.com/cgi-bin/reactos/roswiki?Security

AcetoliNe
Posts: 115
Joined: Wed Jan 05, 2005 10:53 pm
Location: a thousand miles from Hinterland
Contact:

Post by AcetoliNe » Wed Jan 26, 2005 10:45 pm

I don't know eros, but maybe it can be done like this: The user is asked to enter the admin pass when a program tries to do think that the current user is not allow to (insteed of the "you don't have the rights to do that"-prompt)
I like that. That is definately something windows lacks, and it would be very nice for ros to implement it.
caveman LIKES chocolate.
we shall reinvent the wheel until it turns properly.

uniQ
Posts: 246
Joined: Sat Dec 04, 2004 8:58 am

Post by uniQ » Thu Jan 27, 2005 1:08 am

File access I'm almost sure will be ACL style.

-uniQ
Coming on, coming up, let me help ROS and I'll be able to look @ a life well used.

Quigs
Posts: 78
Joined: Sat Dec 04, 2004 7:24 am
Location: USA
Contact:

Active Directory

Post by Quigs » Thu Jan 27, 2005 5:24 am

I think it would be more useful as a WinNT/2000 Clone if we implemented the security Win2000 uses. So you can actually use ROS in a corporate environment, having a different security system will make it a much more difficult transitition to ROS.

Baldomero
Posts: 53
Joined: Sat Nov 27, 2004 3:42 pm
Location: Spain - Valencia

Post by Baldomero » Thu Jan 27, 2005 5:34 am

We can make ROS work with WinNT security directives, and after that, implement things that can be usefull to improve its security. I can't explain well my idea in my poor english sorry.

One time that security is compatible with WinNT, ReactOS can get implemented more ways to admin its directives, alternatives. Sorry, I can't explain it well.

uniQ
Posts: 246
Joined: Sat Dec 04, 2004 8:58 am

Post by uniQ » Thu Jan 27, 2005 6:54 am

Try, give an example or 2.

-Q
Coming on, coming up, let me help ROS and I'll be able to look @ a life well used.

ConMan
Posts: 12
Joined: Sun Dec 05, 2004 7:37 am

Post by ConMan » Thu Jan 27, 2005 8:56 am

Dr. Fred there is a feature like what you are talking about already in Windows (starting with 2000 I think). You can right click and there is the option to "Run As" which allows the user to enter another user name and password. (Allows normal users to run programs or installs as admin) I agree that security should be at least similar (hopefully better) to XP and 2000 just so that it is easier for people to use.

SirTalon
Posts: 67
Joined: Sun Nov 28, 2004 8:53 pm

Post by SirTalon » Sat Jan 29, 2005 7:47 am

Windows also requires you to have several extra services running (and hogging memory) to allow you to use 'Run As'. ROS would (should) need to implement this more like Linux where your not constantly having to use up extra resources to be able to run something as a different user.

I don't know exactly how Linux does it, but I figure its because from the kernel up it supports multiple users, and is designed to be used by multiple users at once. Linux has the ability to set executables to a certain UID (user ID) or GID (group ID) (I think that requires support in the filesystem to set that bit, that _could_ be done in ACLs?). When a file is set UID/GID, it will be run with that user's/group's privileges. This is often used for things that must be run as root, like 'su' and 'sudo' (su stands for 'switch user', it allows you start a shell (like BASH) as that user, sudo allows certain users to be able to run certain commands as a certain user, sometimes with password authentication, sometimes its not required for that specific command).

From what I've read 'Run As' doesn't actually work all that well, if thats true, the ROS devs probably wouldn't have that hard a time to do it better.

I'm about to start a class on MS Visual C++ (which will be good for learning the Windows API, I've only done C++ in Linux), I'm also in the process of learning C so I hope I'll be able to contribute some actual code eventually.

uniQ
Posts: 246
Joined: Sat Dec 04, 2004 8:58 am

Post by uniQ » Sat Jan 29, 2005 10:15 pm

On NT 5.1 all you seem need to RunAs is have the 2ndary Logon Svc running.

-Q
Coming on, coming up, let me help ROS and I'll be able to look @ a life well used.

AcetoliNe
Posts: 115
Joined: Wed Jan 05, 2005 10:53 pm
Location: a thousand miles from Hinterland
Contact:

Post by AcetoliNe » Sun Jan 30, 2005 7:45 am

Also, Run As can not be used for everything. Things like changing filetype association and system time still require you to be logged on as an administrator.
caveman LIKES chocolate.
we shall reinvent the wheel until it turns properly.

Post Reply

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot], Google [Bot] and 40 guests