Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!longway!std-unix From: sms@WLV.IMSD.CONTEL.COM (Steven M. Schultz) Newsgroups: comp.std.unix Subject: Re: Standards Update, IEEE 1003.6: Security Message-ID: <790@longway.TIC.COM> Date: 6 Jul 90 06:58:00 GMT References: <757@longway.TIC.COM> <769@longway.TIC.COM> <780@longway.TIC.COM> <786@longway.TIC.COM> Sender: std-unix@longway.TIC.COM Reply-To: sms@WLV.IMSD.CONTEL.COM (Steven M. Schultz) Organization: Contel Federal Systems Lines: 43 Approved: jsq@longway.tic.com (Moderator, John S. Quarterman) From: sms@WLV.IMSD.CONTEL.COM (Steven M. Schultz) In article <786@longway.TIC.COM> From: pkr@sgi.com (Phil Ronzone) >In article <780@longway.TIC.COM> peter@ficc.ferranti.com (Peter da Silva) writes: >>This may well be true. But for a large set of problems the existing UNIX >>security approach is quite sufficient. If you don't have the actual hardware >>secured it's overkill. > >I disagree - secure software, from the boot code on, is very effective. i have to side with Peter on this. the keywords were "large set of problems" and "quite sufficient" - that doesn't (at least to me) obviate the need for more strict security when the need arises, but for many situations just administering the systems correctly is enough. short of soldiers with M16s at a computer facility door i do not believe that software is any substitute for physical security. it's just one more password that has to be spread around (in case the SSO or whoever) goes on vacation, etc... >>Security and convenience are opposed goals, and sometimes a system >>MUST be available. agreed. >I disagree again -- I think the recent Internet worm is an example of why. now it's my turn to disagree. sheesh, why does the worm have to be brought up everytime security is discussed? it was a BUG that was exploited, and i for one do not think that adding security will do away with BUGs in software. on the contrary, as the complexity of the system is increased by the added software the number of bugs could actually increase, no? and, if people can't administer systems "correctly" now - what's going to happen when the amount of administration required increases due to the files/databasei/etc that "security" will add to the system?? Steven M. Schultz sms@wlv.imsd.contel.com Volume-Number: Volume 20, Number 104