Path: utzoo!news-server.csri.toronto.edu!rutgers!ucsd!dog.ee.lbl.gov!elf.ee.lbl.gov!torek
From: torek@elf.ee.lbl.gov (Chris Torek)
Newsgroups: comp.unix.programmer
Subject: Re: C2 secure systems and the superuser
Message-ID: <10964@dog.ee.lbl.gov>
Date: 15 Mar 91 00:45:36 GMT
References: <1991Mar13.185609.21132@convex.com> <1991Mar14.165015.25728@cbnewsc.att.com>
Reply-To: torek@elf.ee.lbl.gov (Chris Torek)
Organization: Lawrence Berkeley Laboratory, Berkeley
Lines: 8
X-Local-Date: Thu, 14 Mar 91 16:45:36 PST

Actually, `system' accounts (or `operator' privileges that allow mount,
restore, etc., without being root) *are* useful, but not because they
are `more secure'.  The point is (or should be) not that system cannot
become root, but rather that when system makes mistakes, they have less
drastic effects (in most cases) than the same mistakes made as root.
-- 
In-Real-Life: Chris Torek, Lawrence Berkeley Lab EE div (+1 415 486 5427)
Berkeley, CA		Domain:	torek@ee.lbl.gov