[danengel]

I heard from a friend that Apple had to put some "weird hacks" into OS X to get Classic running. Any thoughts or information?

Apple must provide Classic compatibility for the next few years, or some people won't like them. However, other people don't want to have "weird hacks" on their servers and other critical systems either.

[wataru]

Originally posted by danengel:
I heard from a friend that Apple had to put some "weird hacks" into OS X to get Classic running. Any thoughts or information?

Apple must provide Classic compatibility for the next few years, or some people won't like them. However, other people don't want to have "weird hacks" on their servers and other critical systems either.

OS 9 is incredibly secure, mostly because it hardly has any network services to compromise. That hasn't changed, so no, I don't think Classic has any effect on security in OS X.

[danengel]

I rather thought it's because Classic needs access to the hardware or low-level services. For example, can a Classic application access all files regardless of permissions?

[wataru]

Originally posted by danengel:
I rather thought it's because Classic needs access to the hardware or low-level services. For example, can a Classic application access all files regardless of permissions?

I meant OS 9 as a standalone OS. As such, it's so secure that the army replaced a whole bunch of computers with Macs a couple years ago.

I don't use Classic much, so I don't know how permissions are handled. But it seems that it could only be more secure as "Classic" than as regular OS 9.

[Chuckit]

Originally posted by danengel:
I rather thought it's because Classic needs access to the hardware or low-level services. For example, can a Classic application access all files regardless of permissions?

Classic applications can't directly interface with hardware, as far as I know, but they do get access to any file on your hard drive.

So yes, running Classic is a bit insecure.

[danengel]

Classic applications can't directly interface with hardware, as far as I know, but they do get access to any file on your hard drive.

So a non-privileged process could create a Classic binary (e.g. in /tmp) which would then have root-like access to all files? Oh my...

[proton]

Classic applications do not have complete access to any files (certainly not in Panther). Classic runs as a standard process called TruBlueEnvironment, and runs as the UID of the user running Classic. You can verify that Classic can not access root owned files by attempting to open your shadow password hash directory using IE or Netscape in classic.

The shadow hash files are located at file:///Macintosh%20HD/private/var/db/shadow/ if your had disk is called "Macintosh HD", substitute the name of your hard disk if necessary.

- proton

[macvillage.net]

Classic is pretty contained, becuase as said before, it's not very networking savvy.

Think about it:

For desktops - don't want users doing anything goofy in classic, just don't install OS 9. IIRC there were some mods to "break" Classic from working as well.

For servers - Classic is just a container. Can't do much of anything.


Classic isn't really worth worrying about. It was an extremely secure OS. And most places where problems can arise, were closed by Apple... that's why some Apps exhibit some odd behavior in classic mode. And many control panels won't open. Classic isn't 100% complete like booting in OS 9 is... it's just the basic stuff.


So yes, it is secure.

[Chuckit]

Originally posted by proton:
Classic applications do not have complete access to any files (certainly not in Panther).

Really? I stand corrected. I know Classic used to be able to access anything it felt like -- I specifically checked this out. I haven't used Classic in Panther yet, though, so I suppose Apple was a step ahead of me.