Path: utzoo!attcan!uunet!husc6!bloom-beacon!arktouros!dyer
From: dyer@arktouros.MIT.EDU (Steve Dyer)
Newsgroups: comp.unix.aux
Subject: Re: Security on A/UX
Message-ID: <7258@bloom-beacon.MIT.EDU>
Date: 1 Oct 88 04:28:47 GMT
References: <3242@emory.uucp>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: dyer@arktouros.MIT.EDU (Steve Dyer)
Organization: MIT Project Athena, Cambridge MA 02139
Lines: 26

At Project Athena, people have recognized that worrying about "security"
relative to any individual workstation is a hopeless task.  Students can take
control of the entire machine by simply booting some program of their own
via the floppy, so any hope of security goes out the window.  In fact,
every publically-accessible workstation has the same root password, and
it is well-known and freely publicized.  Disabling the floppies or tapes
is not considered an option, since they are the only backup media easily
accessible to students.

The Athena model of computation assumes only a vestigial root file system with
most utilities provided via remote virtual disk (RVD), a local ND-like
protocol, and NFS, with these and other network services authenticated using
the Kerberos system, which was described in the Winter 88 USENIX proceedings.
Right now the environment exists for the RT/PC running ACIS 4.3 and the
VAXstation 2000 running 4.3BSD, both with NFS.

In any event, we are porting the Athena environment to A/UX on the Mac II
right now, at this point to see just how easy or hard it will be.  This
doesn't solve your problem now, but it does point out that the issues you
present are difficult to solve without a methodical, holistic approach.
Typical UNIX (or worse, NFS) security measures just won't measure up.

---
Steve Dyer
dyer@arktouros.MIT.EDU
dyer@spdcc.COM aka {harvard,husc6,ima,bbn,m2c,mipseast}!spdcc!dyer