Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!apple!rutgers!ucsd!nosc!logicon.arpa!trantor.harris-atd.com!x102c!tcurrey
From: tcurrey@x102c.harris-atd.com (currey tom 76327)
Newsgroups: comp.unix.wizards
Subject: Re: Multiple Root ID's considered evil?
Message-ID: <2676@trantor.harris-atd.com>
Date: 13 Sep 89 14:45:06 GMT
References: <1723@convex.UUCP> <17601@bellcore.bellcore.com>
Sender: news@trantor.harris-atd.com
Reply-To: tcurrey@x102c.harris-atd.com (currey tom 76327)
Organization: Harris Corporation GSS, Melbourne, Florida
Lines: 12


Today, everyone is very concerned about security measures to there
machine.  It seems to me that "root" is used for system maintience
more than anything else.  I agree that the root password must be
protected, but multiple uid 0 restricted logins are very helpful and
secure.

It is easy to write a small C program that calls specific commands under
specific conditions.  Make the executable the initial shell in the /etc/passwd 
file. Bingo, a protected controlled 0 uid process.  This does assume that
there are no backdoors or calls like "exec /bin/csh" in the code.  These 
shells become a definate advantage to control privilaged operations.