ch21.htm

Maximum Security (First Edition) 网络安全 英文版

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Ch 21 -- Plan 9 from Bell Labs</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch20/ch20.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch22/ch22.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">21</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">Plan 9 from Bell Labs</FONT></H1>
</CENTER>
<P>Almost thirty years ago, the team at Bell Labs (now Lucent Technologies) changed
the world by developing what would later become the most popular networked operating
system in history. From then until now, UNIX has ruled the Internet. Even if that
were the only contribution ever made by Bell Labs personnel, it would have been sufficient.
They would been have been held in high regard as having achieved something truly
useful and important. As any programmer will tell you, however, the contributions
from Bell Labs kept coming.</P>
<P>In the early 1990s, the folks at Bell Labs were still busy. This time, however,
they had more than 25 years of experience under their belts. With that experience,
they challenged themselves to create the <I>ultimate</I> networked operating system.
Did they succeed? You bet. It is called <I>Plan 9 from Bell Labs</I>.
<H2><FONT COLOR="#000077"><B>The Basics</B></FONT></H2>
<P>The team at Bell Labs (which includes such heavy-duty names as Ken Thompson and
Dennis Ritchie) were reportedly dissatisfied with the then-current trends in computer
technology. They realized that hardware considerations made networking a difficult
proposition, one that didn't always work out in terms of cost effectiveness or performance.
Hardware dependencies and proprietary design make networking more of a forced environment
than a truly fluid, easy one. By <I>forced environment</I>, I mean that dozens of
often disparate and incompatible protocols, drivers, and software are patched together
to provide a shaky and sometimes unreliable integration of networks.</P>
<P>Alas, although the Internet may sometimes be referred to as a miracle of distributed
computing, it isn't. The current system works only because we have forced the TCP/IP
stack upon a handful of architectures (many that were never designed to run these
protocols). Thus, the Internet has the <I>appearance</I> of being an amalgamated,
united network. On closer examination, however, it is clear that the Internet is
exploiting only a very meager portion of the networking power at its disposal.</P>
<P>Consider this: FTP is one of the most commonly used techniques to move information
from one place to another. When a user transfers a file via FTP, he is a <I>remote</I>
user, accessing some resource on a server in the void. The word <I>remote</I> is
the key feature here. It denotes a condition wherein the user is isolated. To access
the resources at the other end, the user must perform several actions (these may
include initiating the FTP session, unzipping the file, placing it in the proper
directory, and so on). FTP therefore places the user at arm's length. The use of
the resource does not occur in a fluid environment.</P>
<P>Similarly, and to an even greater extent, HTTP isolates the user. True, it appears
to the user as though he is working interactively with a Web site, but he isn't.
In fact, HTTP may isolate the user more than any other network protocol. For example,
you are not logged in as you are with Telnet or FTP. In fact, you are connected only
for the brief periods--seconds, actually--necessary for your client to relate which
resources it needs. This is the farthest thing from a traditional shared network
environment.</P>
<P>In contrast, suppose that instead of retrieving a file and placing it in your
physical location, you simply want to use the file momentarily. This is sometimes
achieved through file sharing in proprietary network environments (environments where
a directory or a file can be attached to the local machine). In such cases, the resource
appears and behaves as though it is on the local machine. This technique is more
akin to true, networked computing. It is a one-step process.</P>
<P>Now imagine an operating system that was designed to interface in this manner
with many different types of systems and hardware, an operating system that could
provide this real networking to hundreds (or even thousands) of workstations, irrespective
of hardware constraints. Imagine an operating system that makes FTP directories of
remote machines appear as local directories (regardless of where the target server
may be located). If you can imagine this, you are well on your way to understanding
the basic characteristics of Plan 9.
<H3><FONT COLOR="#000077"><B>What Plan 9 Is Not</B></FONT></H3>
<P>Plan 9 is not UNIX, or any variant thereof. But if you install the demo distribution,
you may initially be confused on this point. At first glance, it looks a lot like
UNIX (particularly when you make a directory listing). Make no mistake, though. Plan
9 is an entirely new operating system. As explained in the Plan 9 from AT&amp;T Bell
Laboratories FAQ:

<DL>
	<DD>Plan 9 is itself an operating system; it doesn't run as an application under
	another system. It was written from the ground up and doesn't include other people's
	code. Although the OS's interface to applications is strongly influenced by the approach
	of UNIX, it's not a replacement for UNIX; it is a new design.
</DL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>Visit the Plan 9 FAQ <A HREF="http://www.ecf.toronto.edu/plan9/plan9faq.html"><TT>http://www.ecf.toronto.edu/plan9/plan9faq.html</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>Despite the fact that Plan 9 is an entirely different operating system, it does
retain some of the look and feel of UNIX. There is still a shell (called <TT>rc</TT>)
and that shell appears much like the popular shells available in most distributions
of UNIX. Files, for example, can still be displayed in a UNIX-like long format, along
with their attending permissions. Moreover, one can still differentiate between files
and directories using the standard <TT>-F</TT> switch (in fact, many of the stock
UNIX commands are available and most of these behave pretty much as they do on a
UNIX box). However, the resemblance to UNIX is largely superficial. The underlying
operating system works very differently.</P>
<P>One of the chief differences is the way that Plan 9 treats objects (objects in
this case being directories, files, processes, and so forth). Under Plan 9, all objects
are treated as files. This technique has been implemented in UNIX as well (for example,
UNIX treats many devices as files), but not to the extent that it has in Plan 9.
<H3><FONT COLOR="#000077"><B>Machines That Run Plan 9</B></FONT></H3>
<P>The reported architectures include

<UL>
	<LI>MIPS
	<LI>SPARC
	<LI>68020 (NeXT)
	<LI>IBM compatibles
</UL>

<P>It is reported in the Plan 9 from AT&amp;T Bell Laboratories FAQ that various
ports are also underway for the following systems:

<UL>
	<LI>SGI Indy
	<LI>DEC Alpha
	<LI>PowerPC
	<LI>DECstation 2100 and 3100
</UL>

<P>My experience with installing the Plan 9 distribution has been on the IBM compatible
platform. As you will see, I went through several generations of hardware before
landing on the right combination.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>If you intend to install
	Plan 9 as a hacking project, you would do well to visit <A HREF="http://www.ecf.toronto.edu/plan9/clone.html"><TT>http://www.ecf.toronto.edu/plan9/clone.html</TT></A>.
	This page describes the hardware that was used at Bell Labs, and will provide you
	with a nice guideline of hardware that is known to work with Plan 9. 
<HR>


</BLOCKQUOTE>

<H2><FONT COLOR="#000077"><B>Some Concepts</B></FONT></H2>
<P>Plan 9 was designed from the beginning as a networked operating system. As such,
the concepts behind it relate more to networking than to the needs of the individual
user. Its defining characteristics are the ways in which it handles networking. As
noted in the press release for the product:

<DL>
	<DD>The Plan 9 system is based on the concept of distributed computing in a networked,
	client-server environment. The set of resources available to applications is transparently
	made accessible everywhere in the distributed system, so that it is irrelevant where
	the applications are actually running.
</DL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>Find the press release
	from which the preceding paragraph is excerpted at <A HREF="http://www.lucent.com/press/0795/950718.bla.html"><TT>http://www.lucent.com/press/0795/950718.bla.html</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>To understand how the Plan 9 system differs from other networked operating systems,
examine Figure 21.1.</P>
<P><A NAME="01"></A><A HREF="01.htm"><B>FIGURE 21.1.</B></A> <BR>
<I>The typical network configuration (without Plan 9).</I></P>
<P>The typical network configuration (the one most often seen in offices) uses a
file server and a series of workstations. Each of the workstations is outfitted with
a host of hardware and software (hard disk drives, adequate memory, a windowing system,
and so forth) that provides it with the necessary power and networking to connect.
System administrators and other, administrative personnel will recognize this setup
to be an expensive one.</P>
<P>Because the computer industry has enjoyed tremendous growth (particularly in the
last few years), network designs like the one shown in Figure 21.1 are common. Nodes
on such networks are usually Pentiums or PowerPCs. You may own such a network yourself.
If you do, consider this: Is it necessary that you have such a powerful machine at
each node? Or, could it be that this type of configuration is a profligate waste
of enormous CPU power? For example, how much CPU power does the accounting department
actually require? It depends on what operating system you are running. If you are
running DOS-based applications over NetWare, the accounting department doesn't need
much power at all. However, if you are running Windows 95, it will need speed and
memory.</P>
<P>That speed and memory, by the way, is being eaten purely by features that make
your platform prettier and more user friendly. In practice, the average accounting
task done in a DOS-based application would be barely noticeable to a Pentium processor.
Contrast that with accounting done in Microsoft Excel on the Windows 95 platform.
In reality, processor-intensive tasks requiring real power might include tasks like
compiling large programs in C++. These tasks, even in a DOS environment, can tax
a processor.</P>
<P>So the first point is this: Modern network design wastes processor power by dispersing
it, often where it is not most needed. But there are other key disadvantages to this
typical network implementation. One is that files are strewn throughout the network,
many of them deposited on this or that hard disk drive. How many times have you encountered
the following situation:

<DL>
	<DD><B>1. </B>A machine along the network fails.<BR>
	<BR>
	<B>2. </B>The machine that failed has a file vital to office operations.<BR>
	<BR>
	<B>3. </B>You recover that file (usually by depositing the hard disk drive from the
	failed machine into another, operable one, or by performing a restore).
</DL>

<P>If you have never encountered this situation, consider yourself lucky. I have
seen it happen many times. Also, because users often store files locally (on their
own workstation), employees must file share and therefore, their machines must always
trust each other.</P>
<P>Plan 9 takes a totally different approach. In Plan 9, the jobs of processing and
file storage and separated, as are the machines that perform these tasks (see Figure
21.2).</P>
<P><A NAME="02"></A><A HREF="02.htm"><B>FIGURE 21.2.</B></A> <BR>
<I>The Plan 9 networking concept.</I></P>
<P>Note the CPU server in Figure 21.2. This would typically be a very powerful machine
(probably multiprocessor) that would provide CPU services to remote workstations
or terminals. This is complemented by a file server.</P>
<P>This system has some important advantages. First, there is centralized control
of files. This has obvious security advantages. Centralized file control also allows
easier management of files. Moreover, it provides an environment in which permissions
may be easily viewed and alteration of files may be more readily detected.</P>
<P>Also (though this has little to do with security), as mentioned in the Plan 9
documentation, this centralized file management is of benefit to a programming team.
Project management is more easily accomplished and the system offers a sense of community
for the programming team.</P>
<P>Moreover, the Plan 9 system performs without a root operator. Users must be authenticated
to gain access to privileged files or processes, and this authentication has been