Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!romp!auschs!awdprime!testsys.austin.ibm.com!mbrown From: mbrown@testsys.austin.ibm.com (Mark Brown) Newsgroups: comp.org.eff.talk Subject: Re: Student suspended for distributing /etc/passwd Message-ID: <8711@awdprime.UUCP> Date: 22 Jun 91 19:40:37 GMT References: <1991Jun21.210556.24756@murdoch.acc.Virginia.EDU> <8589@awdprime.UUCP> <8670@awdprime.UUCP> Sender: news@awdprime.UUCP Reply-To: mbrown@testsys.austin.ibm.com (Mark Brown) Lines: 76 gl8f@astsun7.astro.Virginia.EDU (Greg Lindahl) writes: | mbrown@testsys.austin.ibm.com (Mark Brown) writes: | | >I see no reason why I, Sam Harried-Administrator with 2000 users on 25 | >systems, should have to investigate the intent of every user who | >trips one of my security alarms. | | Sorry, I guess I wasn't clear. | | I was saying that users should only be prohibited from doing security | checks with evil intent. I don't bother to investigate anyone's | intent; my system is secure against the holes that COPS checks for. I guess *I* wasn't clear. _Who_decides_evil_intent_? _Do_I_have_to_determine_intent_every_time_an_alarm_goes_off_? I posit that it is labor-intensive and potentially harmful to users to be forced to question their "intent" all the time. I posit that notification in advance, while not only GOOD MANNERS, also frees me to check on *real* attempts without wasting time (on my part, or on the students' when she is investigated for "attempting to crack the system"). What do you have against this? I see it as a simple courtesy to the admins of the system you are prodding. One More Thing: _I_don't_care_if_it_is_COPS_or_any_other_device_. _That_is _not_relevant_. | >I just think it's common courtesy to ask permission first, since I'm | >responsible for the system you are "testing" (perhaps with a program | >more destructive - witness the Morris case). | | Which means you think it's OK to say "no" ? Yes, if I, as system admin, determine o your device is potentially destructive o your device is wasteful and you want to use it during peak time And to be clear: _Since_I_,_as_admin_,_am_*responsible*_to_ALL_users_of_ the_system_(as well as the owners of said system)_I_will_be_conservative_in _my_judgement_. If you wanted to run a "Morris worm" on an isolated system at 2am, then that's a different story. If you wanted to run COPS most any time, that's not a problem, but only because I know COPS. Your administrator may not know COPS from anything else -- what's the use in scaring her when you can be polite and ask in advance? Doesn't hurt anything. | >And, since [here comes the flame-bait] student users in general tend to be | >more inquisitive and less respectful of the system [flame bait over] | >[CAVEAT- I use my own student experience as an example] I would | >*require* permission in a University environment. | | Uhuh. Right. I'm glad you don't work for a university. | | Btw, I'm a student as well as a system administrator. [I *knew* I'd get a response!] I'm glad you have the time to deal with every "system tester" that comes along. DISCLAIMER: My views may be, and often are, independent of IBM official policy. Mark Brown IBM PSP Austin, TX. | Crazed Philosophy Student (512) 823-3741 VNET: MBROWN@AUSVMQ | Kills 15 In Existential Rage! MAIL: mbrown@testsys.austin.ibm.com | --tabloid headline