Xref: utzoo comp.sys.misc:1810 comp.os.misc:606
Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cwjcc!gatech!rutgers!bellcore!faline!thumper!ulysses!andante!alice!debra
From: debra@alice.UUCP (Paul De Bra)
Newsgroups: comp.sys.misc,comp.os.misc
Subject: Re: What does NeXT do about security?
Keywords: NeXT, security
Message-ID: <8310@alice.UUCP>
Date: 17 Oct 88 15:19:03 GMT
References: <360@elan.UUCP> <5806@killer.DALLAS.TX.US> <9265@bigtex.cactus.org> <1403@percival.UUCP> <4006@phoenix.Princeton.EDU>
Reply-To: debra@alice.UUCP ()
Distribution: na
Organization: AT&T, Bell Labs
Lines: 20

In article <4006@phoenix.Princeton.EDU> mbkennel@phoenix.Princeton.EDU (Matthew B. Kennel) writes:
>If the optical disks on the Next machine are removable and writable,
>then presumably the user of such a machine can write to his disk and
>basically give himself root privileges.
>...
>I'm sure this problem has been looked at before, but the Next computer seems
>like it will be the first time that this will be a prevalent problem.
>
Wrong: the AT, the Mac II, and any other system with removable storage
basically provides the same problems. One can boot these machines from
floppies with g*d knows what (suid) programs on them. Any network that has
workstations with removable media is subject to this problem. Backup
cartridges are not much more secure than floppies either (though writing
a working bootable file system on a tape is usually a little more difficult).

Paul.
-- 
-------------------------------------------------------------------------
|debra@research.att.com   | uunet!research!debra     | att!grumpy!debra |
-------------------------------------------------------------------------