From: Paul Koning
while Unix is reasonably secure, application writers
have managed to
create massive numbers of security holes that have nothing to do with
defects of the OS, and aren't cured by a better OS.
On a secure system (i.e. OS plus underlying hardware), _nothing_ an
application does (whether merely buggy, or guidely malevolent) can i) write
data it's not supposed to have write access to, ii) read such data, iii)
interfere with any another application, etc, etc.
Google '"Roger Schell" oral history', and read that, and the other
he mentions there. (By itself, it's a very entertaining and educational read,
even if you ignore the others. It contains an interesting discssion on his
contributions to the security mechanisms of the x86 - which I expect Intel
will someday ditch, because nobody is using them - just like they apparently
ditched segmentation in the latest x86 chips because nobody is using it.
Yes, a buggy application won't work right, and may crash, but there's no way
to prevent that (although better languages, and programming style, can help a