Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!ccut!titcca!cc.titech.ac.jp!necom830!mohta
From: mohta@necom830.cc.titech.ac.jp (Masataka Ohta)
Newsgroups: comp.unix.internals
Subject: Re: Complex security mechanism is unsecure
Message-ID: <6948@titcce.cc.titech.ac.jp>
Date: 18 Dec 90 14:01:45 GMT
References: <6922@titcce.cc.titech.ac.jp> <18826@rpp386.cactus.org> <18827@rpp386.cactus.org>
Sender: news@cc.titech.ac.jp
Organization: Tokyo Institute of Technology
Lines: 25

In article <18826@rpp386.cactus.org>
	jfh@rpp386.cactus.org (John F Haugh II) writes:

>That's a pretty big collection of files, but making the owner "root"
>does not make the collection smaller.

Smaller? It is not my opinion. My opnion is, it is less complex.

>This isn't news.

This is the news.

In article <18827@rpp386.cactus.org>
	jfh@rpp386.cactus.org (John F Haugh II) writes:

>>Then, for example, think about a case where NFS mounted file system
>>is exported with root access converted to nobody (but, uucp to uucp,
>>daemon to daemon). Then, list what system administrators should take care.

>How about starting with exporting the file system read-only and only
>to systems which are properly administered.

Nice start. Please continue, until you recognize it complex.

					Masataka Ohta