undefined | Better HN

0 pointsDylan168078y ago0 comments

You can't blame com.apple.loginwindow for that. The security boundary is at the login processing. If it processes requests differently from certain systems then it's misbehaving. If we wanted to make this secure we would only need to carefully craft it, and even if com.apple.loginwindow was the most complex heap of bugs in the world it wouldn't matter.

0 comments

michaelmcmillan8y ago

> The security boundary is at the login processing. If it processes requests differently from certain systems then it's misbehaving.

Which is my point. More code, more complexity, more bugs. If you are correct, the security boundary you are referring to got stretched out to accommodate a separate system.

As for your strategy on separating concerns and carefully crafting important code – don't you think that's what they originally had in mind when they first designed it?

Dylan16807OP8y ago

I don't think the security boundary was actually expanded, I think it had a hole punched in it. I doubt the bulk of com.apple.loginwindow was coded to enforce that particular security at all.

loginwindow is not doing the wrong thing because it's complex. It's doing the wrong thing because that was never its job.

> don't you think that's what they originally had in mind when they first designed it?

Probably, but they didn't fail because loginwindow itself was complex. They failed either for systemic reasons that would have happened with simple or complex code, or they failed because the actual secure part was too complex. That's why I think total complexity is the wrong thing to look it; it may or may not correlate with those two real causes.

michaelmcmillan8y ago

"Systemic reasons" sounds a lot like complexity to me. Do you have a counterexample of a simple system that blew up like this due to systemic reasons?

2 more replies

j / k navigate · click thread line to collapse

0 comments

michaelmcmillan8y ago

> The security boundary is at the login processing. If it processes requests differently from certain systems then it's misbehaving.

Which is my point. More code, more complexity, more bugs. If you are correct, the security boundary you are referring to got stretched out to accommodate a separate system.

As for your strategy on separating concerns and carefully crafting important code – don't you think that's what they originally had in mind when they first designed it?

Dylan16807OP8y ago

I don't think the security boundary was actually expanded, I think it had a hole punched in it. I doubt the bulk of com.apple.loginwindow was coded to enforce that particular security at all.

loginwindow is not doing the wrong thing because it's complex. It's doing the wrong thing because that was never its job.

> don't you think that's what they originally had in mind when they first designed it?

michaelmcmillan8y ago

"Systemic reasons" sounds a lot like complexity to me. Do you have a counterexample of a simple system that blew up like this due to systemic reasons?

2 more replies

j / k navigate · click thread line to collapse