Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!yetti!geac!daveb
From: daveb@geac.UUCP (Brown)
Newsgroups: comp.sys.att,comp.unix.wizards
Subject: Re: Security problem on UNIX PC's
Message-ID: <1487@geac.UUCP>
Date: Sun, 27-Sep-87 14:48:35 EDT
Article-I.D.: geac.1487
Posted: Sun Sep 27 14:48:35 1987
Date-Received: Sun, 27-Sep-87 19:47:12 EDT
References: <54@quincy.UUCP> <6478@brl-smoke.ARPA>
Reply-To: daveb@geac.UUCP (Dave Collier-Brown)
Organization: The little blue rock next to that twinkly star.
Lines: 26
Keywords: security, root, problem, unix-pc
Xref: mnetor comp.sys.att:1336 comp.unix.wizards:4534

In article <6478@brl-smoke.ARPA> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) ) writes:
>Second moral: It's hard to provide a guaranteed controlled environment
>that is also featureful. Chroot can help with this, but by the time
>sufficient useful facilities are placed into the new environment, it's
>not much safer than an uncontrolled environment.

This has been dealt with to a limited degree in the second version
of "Secure Xenix[1]". The trusted shell[2] is a table-driven command
interpreter with a facility to set the "role" of the user, which
serves to set the tables that she can use. I.e., if I'm the auditor and
the filesystem maintainer, I can issue both filesystem and auditing
commands.

This is known as an "open subsystem", and was first popularized by
ICL (you know, the English mainframers). It is the opposite of a
"closed subsystem" like mail or .

--dave

1. Xenix is a Trademark of Microsoft.
2. Hecht et al., "UNIX without the Superuser", in "Conference
   Proceedings of the Summer 1987 USENIX Technical Conference and
   Exposition".
-- 
 David Collier-Brown.                 {mnetor|yetti|utgpu}!geac!daveb
 Geac Computers International Inc.,   |  Computer Science loses its
 350 Steelcase Road,Markham, Ontario, |  memory (if not its mind)
 CANADA, L3R 1B3 (416) 475-0525 x3279 |  every 6 months.
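
The table-driven, role-based interpreter described in the post above, sketched as an added example (not part of the original post and not Secure Xenix's trusted shell code). The role keys, command names, program paths and sample session are constructed for illustration; only the auditor and filesystem-maintainer roles come from the post.

```python
# Hypothetical role tables (constructed for illustration): each role maps
# a command name to one fixed absolute program path.
ROLE_TABLES = {
    "auditor": {"audit-report": "/usr/lib/tsh/audit-report",
                "audit-purge": "/usr/lib/tsh/audit-purge"},
    "fsmaint": {"fsck": "/etc/fsck", "mount": "/etc/mount"},
}

# Characters a general-purpose shell would interpret; this interpreter
# refuses them instead of giving them meaning.
FORBIDDEN = set(";|&<>$`\\*?~(){}[]'\"\n")


def allowed_commands(roles):
    """Union of the tables for every role the user currently holds."""
    table = {}
    for role in roles:
        if role not in ROLE_TABLES:
            raise PermissionError(f"unknown role: {role}")
        table.update(ROLE_TABLES[role])
    return table


def resolve(roles, line):
    """Return the argv to execute for `line`, or raise PermissionError."""
    if FORBIDDEN & set(line):
        raise PermissionError("shell metacharacters are not interpreted")
    words = line.split()
    if not words:
        raise PermissionError("empty command")
    table = allowed_commands(roles)
    name, args = words[0], words[1:]
    if name not in table:  # also rejects "/bin/sh", "../x" and the like
        raise PermissionError(f"{name!r} is not in the tables for {sorted(roles)}")
    # argv[0] comes from the table, never from user input; a caller would
    # hand this list to os.execv() with no shell in between.
    return [table[name]] + args


if __name__ == "__main__":
    # Constructed sample session: (roles held, command line typed).
    for roles, line in [({"auditor", "fsmaint"}, "fsck /dev/dsk1"),
                        ({"auditor"}, "fsck /dev/dsk1"),
                        ({"fsmaint"}, "mount /dev/dsk1 /mnt; sh")]:
        try:
            print(sorted(roles), "->", resolve(roles, line))
        except PermissionError as exc:
            print(sorted(roles), "-> denied:", exc)
```
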