Path: utzoo!attcan!uunet!husc6!mailrus!ames!pasteur!ucbvax!CAEN.ENGIN.UMICH.EDU!frank
From: frank@CAEN.ENGIN.UMICH.EDU (Randy Frank)
Newsgroups: comp.sys.apollo
Subject: Re: some questions for the gurus.
Message-ID: <8809081356.AA00196@caen.engin.umich.edu>
Date: 8 Sep 88 13:56:30 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 31

It's always fun when flames start up on a list...

I fundamentally disagree with those who state that security is a binary issue: if you can't have perfect security, then why have any at all is b.s. Security, by definition, is shades of gray. There IS a fundamental difference between executing a "SHUT" command and powering off a machine, even though the end result is a down machine. Firstly, it's much harder to accidentally power off a machine, and it's also the case that a user who might not feel at all uneasy about issuing a shut command might think twice about powering off a machine.

Similarly, the argument that if you don't have physical security for a machine why bother with logical security is equally lame. Sure, with a lack of physical security a very sophisticated user can always get into a console or some equivalent mode and bypass whatever programmatic security you build in, but the bottom line is that VERY few users are sophisticated enough to do this, while almost any user is smart enough to blast away another user's process.

For years most of us have lived with vanilla BSD Unix, which, for many of us, has GOOD ENOUGH security. Most of us have also lived with machine rooms with marginal physical security, and yet at least in my case I don't know of a case where a user used lack of physical security to break into a system. All cases I know of are penetrations of logical/programmatic security.

Despite what Apollo continues to say about "personal" workstations, they are starting to build a class of machines such as the DN10000 which we can ONLY justify as multi-user shared resources. If they want to sell us those machines, they are going to have to provide security on the same order of magnitude as standard BSD or we can't run them in our environment. It's that simple.

Randy