Path: utzoo!attcan!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.internals
Subject: Re: Complex security mechanism is unsecure
Message-ID: <18840@rpp386.cactus.org>
Date: 18 Dec 90 23:27:44 GMT
References: <6922@titcce.cc.titech.ac.jp> <18826@rpp386.cactus.org> <18827@rpp386.cactus.org> <6948@titcce.cc.titech.ac.jp>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 45
X-Clever-Slogan: Recycle or Die.

In article <6948@titcce.cc.titech.ac.jp> mohta@necom830.cc.titech.ac.jp (Masataka Ohta) writes:
>In article <18826@rpp386.cactus.org> jfh@rpp386.cactus.org (John F Haugh II) writes:
>>That's a pretty big collection of files, but making the owner "root"
>>does not make the collection smaller.
>
>Smaller? It is not my opinion. My opinion is, it is less complex.

Sure, and letting everyone log onto the system as "root" is also
less complex. You have yet to demonstrate how being less complex
is some assurance of security.

Quite to the contrary, it is widely recognized that least privilege
and privilege bracketing techniques provide for increased security
by reducing the effects of software errors. Both of these techniques
increase what you call "complexity" while simultaneously increasing
"security". Software "firewalls" have the same effect. Limiting
the damage that an error in the UUCP subsystem can cause to files
controlled by the UUCP subsystem =will= limit the effects of software
errors or malicious damage.

>>This isn't news.
>
>This is the news.

The oldest references that I am aware of predate the 1978 BSTJ "UNIX"
edition. While it might be "information", it isn't "new" information.
I would say that it is at least 12-year-old information.

>>How about starting with exporting the file system read-only and only
>>to systems which are properly administered.
>
>Nice start. Please continue, until you recognize it complex.

NFS =is= a security hole. The best thing you can do to improve
security on a system with NFS is to remove NFS. Changing all the
file ownerships to "root" will not save your ass.

Now, if you can come up with a flaw in layered security on a properly
administered system, then it might be "interesting".
--
John F. Haugh II        UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 Domain: jfh@rpp386.cactus.org
"While you are here, your wives and girlfriends are dating handsome American
 movie and TV stars. Stars like Tom Selleck, Bruce Willis, and Bart Simpson."
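
Privilege bracketing, the technique named in the post above, sketched for a set-uid program on a modern POSIX system. This is an added example, not code from the post or its author. It assumes saved set-user-IDs are available, and `priv_init`, `with_privilege`, `append_log` and the log path are hypothetical names.

```c
/* Privilege bracketing for a set-uid program (added example, assumes POSIX saved IDs). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t real_uid, priv_uid;   /* invoking user; uid the binary is set-uid to */

/* Call first in main(): remember the privileged uid, then give it up. */
int priv_init(void)
{
    real_uid = getuid();
    priv_uid = geteuid();          /* e.g. "uucp" when installed set-uid uucp */
    return seteuid(real_uid);      /* the saved set-user-ID still holds priv_uid */
}

/* Run op(arg) with the privileged euid and drop it again on every return path. */
int with_privilege(int (*op)(void *), void *arg)
{
    int rc;

    if (seteuid(priv_uid) != 0)
        return -1;                 /* could not raise: do not run op at all */
    rc = op(arg);
    if (seteuid(real_uid) != 0 || geteuid() != real_uid)
        _exit(111);                /* failing to drop is fatal, never ignored */
    return rc;
}

/* Hypothetical privileged step: append one line to a subsystem-owned log. */
int append_log(void *path)
{
    FILE *fp = fopen(path, "a");
    if (fp == NULL)
        return -1;
    int bad = (fputs("job queued\n", fp) == EOF);
    return (fclose(fp) != 0 || bad) ? -1 : 0;
}

int main(void)
{
    char path[] = "/tmp/bracket-demo.log";   /* constructed sample path */
    if (priv_init() != 0)
        return 1;
    /* Argument parsing and user input handling run here with the user's own uid. */
    int rc = with_privilege(append_log, path);
    printf("rc=%d euid=%d uid=%d\n", rc, (int)geteuid(), (int)getuid());
    return rc != 0;
}
```

A bug in the code outside `with_privilege` runs with the invoking user's uid, so the damage it can do to the subsystem's files is bounded by what that user could already do.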