Xref: utzoo comp.unix.programmer:1312 alt.sources.d:1614
Path: utzoo!utgpu!cs.utexas.edu!sun-barr!newstop!west!texsun!convex!usenet
From: tchrist@convex.COM (Tom Christiansen)
Newsgroups: comp.unix.programmer,alt.sources.d
Subject: Re: C2 secure systems and the superuser
Message-ID: <1991Mar14.022920.19647@convex.com>
Date: 14 Mar 91 02:29:20 GMT
References: <19103@rpp386.cactus.org> <1991Mar13.185609.21132@convex.com> <5988:Mar1400:07:0391@kramden.acf.nyu.edu>
Sender: usenet@convex.com (news access account)
Reply-To: tchrist@convex.COM (Tom Christiansen)
Organization: CONVEX Software Development, Richardson, TX
Lines: 28
Nntp-Posting-Host: pixel.convex.com

From the keyboard of brnstnd@kramden.acf.nyu.edu (Dan Bernstein):
:In article <1991Mar13.185609.21132@convex.com> tchrist@convex.COM (Tom Christiansen) writes:
:> From the keyboard of jfh@rpp386.cactus.org (John F Haugh II):
:> :In article <1991Mar13.042033.12450@convex.com> tchrist@convex.COM (Tom Christiansen) writes:
:> :>I maintain that both "auth" and "sysadmin" give you indirect
:> :>root privileges.
:
:Undoubtedly you would stop complaining if ``auth'' were named
:``root-auth'' and ``sysadmin'' were named ``root-sysadmin''.

No, I don't think I would. The C2 folks seem to think a system is
more secure this way, but I see it as having N accounts to try to
find holes into rather than just one. This makes it easier for
the cracker.

:> :Perhaps "sysadmin" also lets you crash
:> :the machine by unmounting critical volumes or over-mounting
:> :others. A quick look at the audit logs will reveal what
:> :happened.
:> Audit logs can be altered once you are powerful enough. And
:> it's important to stop it from happening in the first place.
:
:The situation is no worse than the situation where ``sysadmin'' equals
:``root'' to begin with.

Except for that people think it's more secure when it's not.

--tom