Path: utzoo!attcan!uunet!ncrlnk!ncr-mpd!Chuck.Phillips
From: Chuck.Phillips@FtCollins.NCR.COM (Chuck.Phillips)
Newsgroups: comp.sys.amiga.tech
Subject: Re: AmigaOS/UNIX - A Suggestion
Message-ID:
Date: 28 Oct 90 08:10:13 GMT
References: <606@macuni.mqcc.mq.oz> <15069@cbmvax.commodore.com> <643@macuni.mqcc.mq.oz> <914@boing.UUCP>
Sender: uucp@ncr-mpd.FtCollins
Organization: NCR Microelectronics, Ft. Collins, CO
Lines: 59
In-reply-to: dale@boing.UUCP's message of 25 Oct 90 14:49:13 GMT

>>>>> On 25 Oct 90 14:49:13 GMT, dale@boing.UUCP (Dale Luck) said:

Dale> In article <643@macuni.mqcc.mq.oz> ifarqhar@sunc.mqcc.mq.oz.au (Ian Farquhar) writes:
>
>Secondly, few people have pointed out the basic security flaw in Amiga
>UNIX: anybody with a fairly simple program can access *anything* in the
>UNIX partition as long as this program can read sectors from the disk
>under AmigaOS. ...

Dale> Don't know why this worries you and security on suns does not worry
Dale> you? It has the exact same security flaw.

With few exceptions, computers from PCs to multi-million dollar mainframes
can be compromised by a knowledgeable user with enough access to boot the
system from their own media. Only in the last few years have systems
requiring a password to boot become commonly available and then usually as
an added cost option. The problem is you have to be able to initially load
the operating system somehow. If you are able to do this, you can load
something else instead.

Dale> Anyone that can write programs to access the /dev/sd?? can do this
Dale> too so what is the difference?

I can write programs to access /dev/sd??, but unless I'm _already_ root,
they won't buy me much. Most UNIX systems provide limited access to disk
devices by default. I'd bet yours are only writable by root and have
limited read access unless you've deliberately changed permissions while
logged in as root. But in any case, the boot hole remains.

Dale> There is no difference between the two machines in this regard.

There _is_ a difference, but unless you paid the extra $$ for secure SunOS
or are using a password protected boot prom, the difference isn't _huge_.
The problem with AmigaOS and most single user OS's is that all users
(since there is no concept of multiple users) have the equivalent of UNIX's
root permissions, making compromise that much easier.

Dale> Conversely as long as you can keep a user from hitting L1-A on his
Dale> sun workstation and rebooting -s you also will not have this security
Dale> problem.

L1-A rebooting can easily be turned off, though it's often not done in
practice for a good reason: What happens if the boot disk gets corrupted
and you _need_ to be able to do a special reboot to recover?

The best protection is to keep hostile users away from your machine. Most
of the alternatives will cost you some money. Perhaps boot EPROMS should
be offered as an option for the security conscious, perhaps with an
encrypted serial number. ;^)

"It's like deja vu all over again." - Yogi Berra
#include
--
Chuck Phillips  MS440
NCR Microelectronics            chuck.phillips%ftcollins.ncr.com
2001 Danfield Ct.
Ft. Collins, CO.  80525         ...uunet!ncrlnk!ncr-mpd!bach!chuckp
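
The post's claim that disk devices are normally writable only by root, with limited read access, can be checked on a running system. The following is an added example, not part of the original post: a small audit of block device nodes under /dev. The function names, the finding strings and the choice to audit only block nodes (not raw character disk devices) are assumptions made for this example.

```python
import os
import stat

def classify(mode, uid):
    """Findings for one node, given its st_mode and owner uid (empty list = OK)."""
    if not stat.S_ISBLK(mode):
        return []                      # only block (disk) devices are audited
    findings = []
    if uid != 0:
        findings.append("owner is uid %d, not root" % uid)
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    return findings

def scan(dev_dir="/dev"):
    """Map each block device path under dev_dir to its list of findings."""
    report = {}
    for root, _dirs, names in os.walk(dev_dir):
        for name in names:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)    # lstat: symlinks to devices are skipped
            except OSError:
                continue               # node vanished or is not accessible
            found = classify(st.st_mode, st.st_uid)
            if found:
                report[path] = found
    return report

if __name__ == "__main__":
    for path, found in sorted(scan().items()):
        print("%s: %s" % (path, ", ".join(found)))
```

A group-writable finding is not necessarily a fault: it marks devices whose owning group's membership is worth reviewing. As the post says, none of this closes the boot hole, since permissions only apply once the installed system is the one running.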