Path: utzoo!utgpu!news-server.csri.toronto.edu!utcs.toronto.edu!cks
Newsgroups: comp.unix.admin
From: cks@hawkwind.utcs.toronto.edu (Chris Siebenmann)
Subject: Re: Project Athena ( was Re: Non Destructive Version of rm)
Message-ID: <1991May15.225752.23063@jarvis.csri.toronto.edu>
Organization: Ziebmef home away from home
References: <12262@mentor.cc.purdue.edu>
Date: 16 May 91 02:57:52 GMT
Lines: 28

asg@sage.cc.purdue.edu (The Grand Master) writes:
| }  Project Athena's service machines (e.g. file servers, authentication
| }servers, mail servers, etc.) are secured just as your machines are.
| Exactly my point. If the main computers are setup correctly, then they are
| just as secure as your servers.

 This is true at the limit of setup effort, but may not be true in
practice. There are, broadly speaking, two levels of protecting a
resource on a machine (such as a password database or an essential
service):
- Don't allow unauthorized or unprivledged users on the machine in the
  first place.
- Protect the resource so that unauthorized users on the machine cannot
  harm it.

 In practice and with current Unixes, the first is easier and "more
secure" than the second. If my machine refuses all network logins and
can only be logged onto from the locked-away console terminal, it is
less open to outside attacks and OS file-protection bugs and pty bugs
and so on. Unix is no longer a clean and obviously secure system, and
you need to take this uncertainty into account when worrying about
overall security.

--
	"This Vi mode "feels" like Vi to me; it drives me nuts in the
	 ways that I am used to Vi driving me nuts." 
		- Brian Fox
cks@hawkwind.utcs.toronto.edu	           ...!{utgpu,utzoo,watmath}!utgpu!cks