Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!world!eff!ckd From: ckd@eff.org (Christopher Davis) Newsgroups: comp.admin.policy Subject: Re: SUSPEND SYSOPS, NOT STUDENTS Message-ID: Date: 17 Jun 91 15:13:20 GMT References: <20740@slice.ooc.uva.nl> <20790@slice.ooc.uva.nl> <1991Jun17.110742.25947@bellcore.bellcore.com> Sender: ckd@eff.org (Christopher Davis) Organization: The Electronic Frontier Foundation Lines: 46 In-Reply-To: jona@iscp.Bellcore.COM's message of 17 Jun 91 11:07:42 GMT Jon> == Jon Alperin Jon> Now let me see if I follow.... Jon> 1. You keep files on another system, therefore you have the Jon> right to insure that there is proper security on your files on Jon> that system Jon> Therefore: Jon> You break into someone else's account..... Who said anything about breaking in? Let's take a hypothetical case (NOT the Georgia case). Mr. Edward Foo has an account on vax99.big-u.edu. He keeps some things there, that (while not horrendous top secret information) he'd rather keep out of the way of J. Random Luser. He runs COPS on the system (say, without the PW guesser, because that takes too damned long). He finds that /var/spool is world-writable. He reports this to the sysadmins, who fix it (hopefully ;-). Has he done anything wrong? If he did it here, I'd be glad to hear it so I could fix it (though I run COPS, too...). I know some sysadmins who would take a "shoot the messenger" stance on this (and have). There have been accounts suspended for running COPS when the only way the sysadmin knew COPS was run was from the report being mailed to him... Jon> hmm.... If you want to have privacy and security on your own Jon> files, you should respect the privacy and security of others. It Jon> may sound childish, but unless you own the system, everyone else Jon> is entitled to the same rights of security and privacy as you. Jon> Unless, of course, you really aren't interested in maintaining the Jon> privacy of your own files.... :-} Perhaps the best way to respect the privacy and security of others is to make sure that privacy and security is better maintained. -- Christopher Davis - System Manager & Postmaster, Electronic Frontier Foundation <{uunet,bu.edu,...}!world!eff!ckd> NeXT: 155 Second Street, Cambridge, MA 02141 - +1 617 864 0665 - FAX: +1 617 864 0866 "Internet mail headers are not unlike giblets." - Paul Vixie