Newsgroups: comp.unix.admin
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!umich!terminator!predator.rs.itd.umich.edu!cmclark
From: cmclark@predator.rs.itd.umich.edu (Charles Clark)
Subject: Re: Project Athena ( was Re: Non Destructive Version of rm)
Message-ID: <1991May9.211454.965@terminator.cc.umich.edu>
Sender: usenet@terminator.cc.umich.edu (usenet news)
Organization: U of Michigan, ITD Research Systems
References: <12067@mentor.cc.purdue.edu> <1991May9.001907.13024@athena.mit.edu> <12112@mentor.cc.purdue.edu>
Distribution: na
Date: Thu, 9 May 91 21:14:54 GMT

asg@sage.cc.purdue.edu (The Grand Master) writes:
>Just answer one quick question. I assume that each workstation has a
>disk of its own mounted on / right? If so, can I not log into one of
>your workstations and rm -rf /, thus making it useless? Can I not do
>this for EACH AND EVERY WORKSTATION YOU HAVE?

So what? That breaches no security. And you can only do that on the public workstations, not each and every one. And you need to be there physically to do it. And every student that is trying to get work done will beat you silly or to a pulp whichever comes last if they see you doing something this stupid to machines they are wanting to use. There is no gain to doing this. And the machines can be brought back up in original condition (because / contains nothing unique to the workstation eh) in minutes.

Like I said, you could do this but so what, who is going to under these conditions. Furthermore have they had this problem in their years of operating this way? No. Doesn't this weigh in more than your arguments? Yes.

>You have another choice. To trust only those computers to which the user does
>not have physical access.

How? Trust them because they claim to have a name or ip number that you have in a list? This is fundamentally insecure, because both the ethernet and TCP/IP protocols are insecure in this respect, unless you allow absolutely NO other machines besides the trusted ones on your networks. Not gonna happen.

>I NEVER said anything about trusting every machine on the internet. Is there
>no way of telling a system to "trust" only a select few others?

No there isn't. That is what we are trying to tell you. Without an authentication scheme, trusting machines by name or number is very small security.

>Again, Are you telling me that you cannot tell your system to
>trust prep.ai.mit.edu and not trust ypig.stanford.edu ?
>Why not?

Sure you can tell it that. But the thing is, non-trustworthy machines exist all over the internet that can fake being prep.ai.mit.edu or anything else you want. Especially if they can plug in on the same subnet.

cmc
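
Added example, not part of the original post or of any Project Athena code: it contrasts the list-based trust discussed above with a check that makes the peer prove knowledge of a secret. The keyed challenge-response is a generic stand-in for "an authentication scheme"; the function names, the trusted-host list and the key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: this list and key are hypothetical, not real secrets.
TRUSTED_HOSTS = {"prep.ai.mit.edu"}
HOST_KEYS = {"prep.ai.mit.edu": b"constructed-demo-key-not-a-real-secret"}


def trust_by_name(claimed_name: str) -> bool:
    """List-based trust: the only evidence is the name the peer claims."""
    return claimed_name in TRUSTED_HOSTS


def new_challenge() -> bytes:
    """Fresh random nonce so an old response cannot be replayed."""
    return secrets.token_bytes(16)


def respond(key: bytes, claimed_name: str, challenge: bytes) -> bytes:
    """Peer side: prove knowledge of the key, bound to the name and the nonce."""
    msg = claimed_name.encode() + b"\x00" + challenge
    return hmac.new(key, msg, hashlib.sha256).digest()


def trust_by_proof(claimed_name: str, challenge: bytes, response: bytes) -> bool:
    """Authenticated trust: the name must be listed and the response must verify."""
    key = HOST_KEYS.get(claimed_name)
    if key is None:
        return False
    expected = respond(key, claimed_name, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison


def demo() -> dict:
    name = "prep.ai.mit.edu"
    nonce = new_challenge()
    genuine = respond(HOST_KEYS[name], name, nonce)
    impostor = respond(b"guessed-key", name, nonce)  # claims the name, lacks the key
    return {
        "list_accepts_impostor": trust_by_name(name),
        "proof_accepts_genuine": trust_by_proof(name, nonce, genuine),
        "proof_accepts_impostor": trust_by_proof(name, nonce, impostor),
        "proof_accepts_replay": trust_by_proof(name, new_challenge(), genuine),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The list check cannot tell the two peers apart because a claimed name is its only input; the keyed check rejects both the peer without the key and a response replayed against a new nonce.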