ch21.htm

Maximum Security (First Edition) 网络安全 英文版

described as similar to authentication using MIT's Kerberos. Kerberos is a method
of authenticating network connections and requests. To perform this authentication,
Kerberos examines secret, ciphered keys belonging to the user. Passwords in Plan
9 are therefore never passed across the network. This greatly enhances the security
of the operating system. Moreover, user programs are reportedly never run as processes
on the file server, and processes that are run belong to the individual user. Root
does not exist.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>To examine the internal
	workings of Kerberos (and the procedural execution of authentication), visit <A HREF="http://www.pdc.kth.se/kth-krb/doc/kth-krb_2.html"><TT>http://www.pdc.kth.se/kth-krb/doc/kth-krb_2.html</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>Discarding the concept of root was an excellent idea. The majority of serious
cracking techniques rely on exploiting programming weaknesses in processes that run
as root. In Plan 9, there is no root, and therefore, no such processes.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>To my knowledge, there has not yet
	been extensive focus on Plan 9 security outside the confines of Lucent Technologies
	(previously AT&amp;T). Therefore, it is not known whether there are security flaws
	inherent in Plan 9's design. The only thing that qualifies as a known bug at this
	point (those who use it have thus far been pretty quiet) is that users can sometimes
	log in as user <TT>none</TT> from a remote connection. I suspect that in the future,
	as Plan 9 becomes more well known, various attacks will be instituted against the
	system and bugs will likely surface. 
<HR>


</BLOCKQUOTE>

<P>In short, Plan 9 security is an area yet to be explored. Nonetheless, in terms
of its network implementation and its basic design, Plan 9 already presents significant
roadblocks to the cracker. Certainly, typical advanced techniques of attacking UNIX
servers will probably fail when implemented against Plan 9. The future, however,
remains to be seen.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>I cannot stress the importance of
	the concept of life without root. Nearly all operating systems evaluated as secure
	maintain some concept of a root operator. The concept of root concentrates all the
	power in a single place on the system. If a cracker can gain root, the struggle of
	penetrating security is over. However, I should quickly point out that the absence
	of root on a Plan 9 system does not mean that an administrator is not needed. In
	fact, in certain respects, Plan 9 transforms the job of system administrator into
	one of architect. In short, Plan 9 is designed for vast--if not massive--management
	of network resources. Although still in the experimental stages, Plan 9 could change
	the architecture of the Internet and with it, the concepts surrounding acceptable
	security policies and implementations. 
<HR>


</BLOCKQUOTE>

<H3><FONT COLOR="#000077"><B>Applications Available for Plan 9</B></FONT></H3>
<P>Admittedly, there are few native Plan 9 applications, but the list is growing.
Remember: Plan 9 is an entirely new operating system, so the number of applications
depends on how many individuals actually use the system.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>A caveat: The licensing restrictions
	set forth by Bell Labs makes it very difficult to create commercial applications
	for Plan 9. The licensing scheme has cast Plan 9 into a position of being available
	only from Bell Labs at a high price and without hope in the near future of complete
	commercialization. For now, therefore, Plan 9 remains largely under the purview of
	researchers and hobbyists who are willing to shell out $300 for the system and documentation.
	Many freelance programmers protest this situation, arguing that Plan 9 ought to have
	licensing restrictions similar to those that apply to Linux. After all, why would
	someone develop on a platform that may ultimately be barred from commercialization?
	The answer is this: People would undertake such development for the pure pleasure
	of discovering and hacking a new system. However, many hobbyists are unwilling to
	pay the stiff licensing fee for the entire system. 
<HR>


</BLOCKQUOTE>

<P>Despite some licensing restrictions with Plan 9, some important applications have
already been written:

<UL>
	<LI>An HTTPD server
	<LI>Text editors
	<LI>A version of MIT's X Window system
</UL>

<P>Moreover, the basic distribution of Plan 9 comes with a wide range of utilities
and even a native Web browser called <I>Mothra</I>. Mothra may not be as colorful
and user friendly as Netscape Navigator or Microsoft Internet Explorer, but it works
quickly and efficiently. In fact, Plan 9 possesses few user-friendly features. It
is a largely text-based environment. It is more practical than attractive, and many
elements of its design are of significant interest to programmers.
<H4><FONT COLOR="#000077"><B>SAM</B></FONT></H4>
<P>The most prominent native application for Plan 9 is the SAM editor, which is a
straight ASCII text editor with a twist. It has a command language that can be used
to process repetitive tasks (much like a macro language, I suppose, but a bit more
defined). On the surface, SAM operates in much the same way UNIX-based text editors.
File names (single or multiple) can be specified on the command line. This loads
the file(s) into a windowed area. There, the text can be clipped, pasted, cut, altered,
edited, and saved.</P>
<P>Like most UNIX-based text editors, SAM does not support multiple fonts, style
sheets, or other amenities common to modern word-processing environments. In fact,
Plan 9 would be a poor choice for anyone who relies on such amenities, for they do
not exist within the system at this time.</P>
<P>The SAM command language operates mainly on regular expressions and is suitable
for inserting, deleting, finding, replacing, and so on. These functions are generally
called by a single character, followed by your intended text. In other words, the
text to be found, replaced and so forth.</P>
<P>In short, SAM appears very bare bones, but really isn't. Learning the SAM command
language takes a day or so, although you might need several weeks to become proficient.
<H3><FONT COLOR="#000077"><B>Plan 9's Window System</B></FONT></H3>
<P>Plan 9 has a window system called 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT>.
After the system boots, it asks whether you want to load the window system. If you
choose this option, 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT>
appears. On first examination, 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT>
looks extremely rudimentary (far more so than X, even). The opening screen presents
one term window and a clock. Navigation is done largely with the mouse.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>TIP:</B></FONT><B> </B>To fully utilize the 8<FONT SIZE="1"><SUP>
	1</SUP></FONT>/<FONT SIZE="1">2</FONT> windowing system, you need a three-button
	mouse. A two-button mouse will work, but you will lack at least one menu and some
	serious functionality. 
<HR>


</BLOCKQUOTE>

<P>To size<B> </B>a window, click any portion of the blank screen. This invokes a
menu with options including Size, Move, Delete, and Hide. After you choose an option,
click the target window. For both the hide and delete functions, the window behaves
as it would in X; it disappears or is deleted. However, for the move and size functions,
you must work a little differently. After choosing the menu option, click the window
once. Then, instead of directly sizing or moving the window, click the black screen
again (this time with the right mouse button) and redraw your window. This may initially
seem awkward, but you'll get used to it.</P>
<P>8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT> is extremely lightweight.
Even on a machine with 8MB of RAM, 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT>
responds quickly. On a Pentium 133 with 64MB of RAM, 8<SUP>1</SUP>/2 is incredibly
fast.</P>
<P>8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT> is more dynamic than
most other windowing systems. You can grab any text anywhere and use it as a command.
In this regard, 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT> could
be called the ultimate cut-and-paste system. Text identifying objects (which is often
read only on other platforms) can be grabbed at any point and dropped into any other
part of 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT>. In fact, this
feature is so prominent that new users may find themselves grabbing things without
even knowing it. In addition, as part of this functionality, the cursor can be placed
anywhere within a window. This is a significant change. Users of X and Microsoft
Windows alike will find this feature to be fascinating. For example, although you
can cut and paste from an XTERM or a MS-DOS windowed prompt, you cannot arbitrarily
drop the cursor in any area and pick up typing again. In 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT
SIZE="1">2</FONT>, you can.</P>
<P>I suppose 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT> can best
be described as a window system optimized for programmers. Code and other data can
be moved at any time from any position. But perhaps the most fascinating thing about
8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT> is that you can recursively
run an instance of 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT> within
an 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT> window. To my knowledge,
this functionality is indigenous only to 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT
SIZE="1">2</FONT>. No other windowing system can perform such a task. (Funny. Although
this is an extraordinary feature, I have not yet encountered a reason to use it.)</P>
<P>The learning curve on 8<FONT SIZE="1"><SUP> 1</SUP></FONT>/<FONT SIZE="1">2</FONT>
amounts to a day or two at most. If you are familiar with any implementation of X
(or more directly, if you have ever used SunView), learning 8<FONT SIZE="1"><SUP>
1</SUP></FONT>/<FONT SIZE="1">2</FONT> will be simple. To some extent, 8<FONT SIZE="1"><SUP>
1</SUP></FONT>/<FONT SIZE="1">2</FONT> reminds me of SunView.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>SunView, a windowing system introduced
	in early versions of SunOS (the operating system created by Sun Microsystems), is
	extremely lightweight and, even on SunOS 4.1.3, is faster than Sun's later windowing
	system, OpenWindows. OpenWindows is enormously popular among Sun users, although
	it is perhaps slower--and not as visually stunning--as the Common Desktop Environment
	(CDE), a new windowing system jointly developed by many UNIX vendors. 
<HR>


</BLOCKQUOTE>

<H2><FONT COLOR="#000077"><B>Programming in Plan 9</B></FONT></H2>
<P>Ultimately, I would recommend Plan 9. If you are a programmer and are looking
for a new and exciting operating system to develop on, Plan 9 is for you. It is exciting
primarily because of its unusual design. And, although it is not UNIX, it has enough
UNIXisms that UNIX users can hit the ground running. Moreover, the unique networking
capabilities of Plan 9 present new opportunities for programmers.</P>
<P>Programming in Plan 9 is not limited to C, though the real Plan 9 distribution
does come with a native C compiler. This C compiler is designed to accommodate code
for all the supported architectures, including (but probably not limited to)

<UL>
	<LI>IBM (Intel X86)
	<LI>SPARC
	<LI>68020
	<LI>MIPS
</UL>

<P>The compiler accepts straight ANSI C, but be forewarned: If you have avoided learning
some of the newer conventions, you may encounter difficulties. Rob Pike has written
a paper describing Plan 9 C compiler usage. I highly recommend reading that paper
in its entirety before attempting to code any serious application on the Plan 9 platform.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>Rob Pike's paper, titled
	&quot;How to Use the Plan 9 C Compiler,&quot; can be found online at <A HREF="http://kbs.cs.tu-berlin.de/~jutta/c/plan9c.html"><TT>http://kbs.cs.tu-berlin.de/~jutta/c/plan9c.html</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>If you plan to concentrate on porting applications to or from Plan 9, check out
the ANSI-POSIX Environment (APE). The APE features a wide range of POSIX tools.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>An excellent technical
	overview of APE written by Howard Trickey (&quot;APE--The ANSI/POSIX Environment&quot;)
	can be found online at <TT>http://plan9.bell-labs.com/plan9/doc/ape.html</TT>.<BR>
	
<HR>
</P>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>POSIX stands for Portable Operating