Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!sharkey!teemc!mibte!gamma!thumper!faline!hill
From: hill@faline.bellcore.com (Chris Hill)
Newsgroups: comp.unix.wizards
Subject: Re: Getting rid of the root account
Keywords: Security
Message-ID: <2267@faline.bellcore.com>
Date: 8 Jun 89 15:48:24 GMT
References: <106326@sun.Eng.Sun.COM> <4315@ficc.uu.net> <16597@rpp386.Dallas.TX.US> <1961@ubu.warwick.UUCP> <16638@rpp386.Dallas.TX.US> <10370@smoke.BRL.MIL>
Reply-To: hill@faline.UUCP (Chris Hill)
Organization: Bellcore MRE
Lines: 19

John Haugh II writes:
>Oh - I've yet to read a text on programming which ever stated that it
>was possible to create a program of the size of an operating system
>which has no bugs.
>-- 

This is the crux of the matter: the problem is not just one of
security, but of writing code without errors which jeopardize
security.  It is currently not possible to verify the amount
of code required for programs as large as operating systems.
Since it is impossible to write error free code, it is impossible
to create a completely secure system.  Of course, it gets worse
than that: not only must the OS be proveably correct, the hardware
must be also - it must react in and ONLY in a predictable manner
to all possible stimuli.  Discuss ways to maximize security, but
(for the time being) forget finding/eliminating ALL the loop holes.

Chris Hill
chris@nyquist.bellcore.com