Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!genrad!decvax!decwrl!pyramid!prls!philabs!micomvax!musocs!mcgill-vision!mouse From: mouse@mcgill-vision.UUCP Newsgroups: comp.arch,comp.unix.wizards,comp.os.misc Subject: Re: Free Software Foundation (was: Re: Mach, the new standard?) Message-ID: <893@mcgill-vision.UUCP> Date: Sat, 19-Sep-87 18:38:47 EDT Article-I.D.: mcgill-v.893 Posted: Sat Sep 19 18:38:47 1987 Date-Received: Sun, 27-Sep-87 23:04:27 EDT References: <4950@jade.BERKELEY.EDU> <2117@eecae.UUCP> Organization: McGill University, Montreal Lines: 49 Xref: utgpu comp.arch:2254 comp.unix.wizards:4228 comp.os.misc:233 In article <2117@eecae.UUCP>, lawitzke@eecae.UUCP (John Lawitzke) writes: >> Minix is v7 - (things you didn't know about, and don't want even if >> you did), the GNU kernel should be 4.3BSD + (things) - (security >> features). > The GNU kermel should be 4.3BSD + (things) + (security features) > What security features don't you want? In general, anything which serves no purpose but security. > Separate userids and passwords? Lisp Machines have userids but everyone is a super-user, to use the UNIX terminology. They have no passwords. They get by fine. > File protection modes? I could live without file protections. (I already do. My login has uid 0.) > Disk quotas? I could DEFINITELY live without disk quotas. We have them turned off at the moment! > checking the name of a system uucping in? Close call (pun deliberate). But if you are going to go passwordless there is no reason to bother checking this. I am clearly an extreme case. Let's provide a larger-scale example. We run a 4.3 derivative here. Two security "features" I wouldn't mourn come to mind immediately. One was simple to disable and benign once disabled; the other is inexcusable because NO MEANS WAS PROVIDED TO DISABLE IT. The first one is the "secure" option in /etc/ttys (all our lines are marked secure); the other is the restriction that only users in group 0 are allowed to su to root even with the root password. We had to recompile su to get rid of this one. I don't mind security "features" if they don't get underfoot (eg, distinct userids). But when they do, I'd better be able to disable them! For example, Sun's NFS normally maps uid 0 into uid -2 for remote requests, as a security "feature". However, I can live with this because Sun documents how to fix it and once fixed it is fixed for good. (Well, until the next release....) der Mouse (mouse@mcgill-vision.uucp)