https://lwn.net/Articles/9620/ This is a special feed containing comments posted to the individual LWN article titled "Multics security, thirty years later". en-us Sun, 28 Sep 2025 05:17:52 +0000 Sun, 28 Sep 2025 05:17:52 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/15309/ https://lwn.net/Articles/15309/ chorning I'd like to say this entire article is FUD. Having worked on Multics in the early 80's at MIT and been a hardcore &quot;hacker&quot; (the Multics core) I can say Multics is a _lot_ larger than a Linux kernel.. The ring 0 controller is about 700k in memory, but the ring 1 and 2 controllers are huge. The Honeywell Project and Multics were started to solve any possible security problems that the engineers could think of. It ran slow as all users were alloted processor time and memory whether they were logged in or not, as this could be used as a discrete channel.<p>Just to give you an idea of the size of Multics, in 1982 MIT spent over 7 million dollars on storage alone for the machine the famous Rochlis tapes were archived from (last known good copy of the Multics source) and it had a little over 4 gigabytes of storage.<p>3 things that Linux can learn from Multics:<br>1) Security costs performance<br>2) Security is inversely proportional to useability<br>3) Operating Systems are not political statements, They are for running programs.<p>-C. Hornig, hardcore hacker '79-84 Tue, 12 Nov 2002 20:07:07 +0000 https://lwn.net/Articles/9865/ https://lwn.net/Articles/9865/ Baylink Well, I will be dipped in shit.<p>The Thompson hack (placing a backdoor in the *compiler*) related in "Reflections on Trusting Trust" actually came directly from the Multics project.<p>Who knew? Sun, 15 Sep 2002 03:09:48 +0000 https://lwn.net/Articles/9864/ https://lwn.net/Articles/9864/ Baylink And, of course, there are some things that are next to impossible to achieve easily or cleanly in a language where you cannot reasonably perform real-time memory allocation and string sizing... Sun, 15 Sep 2002 02:25:59 +0000 https://lwn.net/Articles/9760/ https://lwn.net/Articles/9760/ AnswerGuy I think the real advances in OS security have been KeyKOS and EROS. KeyKOS is dead (as far as I know). However, EROS is under active development and more can be learned about it at: <a href="http://www.eros-os.org/" >http://www.eros-os.org/ </a> Fri, 13 Sep 2002 10:37:07 +0000 https://lwn.net/Articles/9700/ https://lwn.net/Articles/9700/ Greyfox While it's pretty easy to code a buffer overflow in C, it is much harder to do it in C++ as long as you don't treat it as just a better C. Use the C++ features now available and it is very easy to avoid the buffer overflow issue completely.<p>Of course, C++ programs can easily explode in size and template programming has some very esoteric aspects. I would like to see the usual set of servers coded in C++, though. I'd be far more inclined to trust them over the current batch of C servers.<p>As far as "Small is Beautiful," if my memory serves me correctly, I seem to recall that there is a dicipline of Japanese painting in which the artist expresses the nature of the object in as few brush strokes as possible. Programming tends to be as artistic an exercise as it is a scientific one, and would seem to follow this form of art. Thu, 12 Sep 2002 15:42:47 +0000 https://lwn.net/Articles/9654/ https://lwn.net/Articles/9654/ beejaybee Yeah, well, when I started programming seriously (about 1975) I was told in no uncertain terms that if it wouldn't run in 16K (24-bit words - NOT on multics h/w), it wasn't worth writing.<p>Things have moved on a bit since then, but "small is beautiful" is obviously still a worthwhile concept. Plain straightforward common sense suggests than the bigger a chunk of code is, the more likely it is to contain bugs - and security holes.<br> Thu, 12 Sep 2002 09:37:48 +0000 https://lwn.net/Articles/9649/ https://lwn.net/Articles/9649/ oldtoss Not that bitness should have a great deal of influence on code size, but FYI Multics used 36 bit hardware (4 9-bit bytes). It isn't clear whether the authors allowed for the difference in byte width, so let's make that 706.5K to err on the safe side. Multics still comes out vastly less bloated. Remember also the Multics hardcore needed much *more* memory management code (relative to i386) to work with a much more primitive MMU. So, now you all know the facts, please don't perpetuate the old FUD about bloat. Thu, 12 Sep 2002 08:07:31 +0000 https://lwn.net/Articles/9642/ https://lwn.net/Articles/9642/ smoogen I was wondering about one line quoted above:<p> ...the ring 0 supervisor of Multics of 1973 occupied about 628K bytes of executable code and read-only data. This was considered to be a very large system. By comparison, the size of the SELinux module with the example policy code and read-only data has been estimated to be 1767K bytes.<p>I am not sure if this is an apples and oranges comparison. One the two architectures used different instruction widths. Second, the number of instructions are comparable. If they were able to code the Multics code for an Intel processor/hardware and get the same size then I think the comparison would be valid. Thu, 12 Sep 2002 03:34:08 +0000