Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!purdue!decwrl!labrea!polya!shap
From: shap@polya.Stanford.EDU (Jonathan S. Shapiro)
Newsgroups: comp.sys.next
Subject: Re: Security (was: Diskless NeXT)
Summary: Bravo
Keywords: Next
Message-ID: <5301@polya.Stanford.EDU>
Date: 26 Nov 88 23:10:34 GMT
References: <17846@glacier.STANFORD.EDU> <3638@pt.cs.cmu.edu> <28185@tut.cis.ohio-state.edu> <267@aber-cs.UUCP>
Reply-To: shap@polya.Stanford.EDU (Jonathan S. Shapiro)
Distribution: eunet,world
Organization: Stanford University
Lines: 46

Bravo, Piercarlo!

In article <267@aber-cs.UUCP> pcg@cs.aber.ac.uk (Piercarlo Grandi) writes:
>Many sys admins with a delusion of "management" have a gut instinct
>that the best way to achieve something is by inconveniencing
>users and imposing restrictions. Well, not only is this unnecessary, it
>is also quite ineffectual, because it is easily circumvented in most
>cases, and certainly in the one this article is about.

In practice, this is exactly true. The largest source of security holes in "secure" systems is the administrators. In addition to not paying attention to security, they have a bad habit of asserting that they know better and building their own security holes. How many of you UNIX administrators *don't* have some program that gets you root privileges without a password on the basis of who you are logged in as?

>As somebody pointed out, the first thing new
>*users* are told at MIT is the root password and yet security is
>probably better there than in a network in which users cannot use the
>suid/sgid facility...

This raises an important but often missed point. Far too many users don't appreciate what an out of control program can do. On the whole, the vast majority of security breaks are not malicious - they are acts of curiosity. Giving out the root password, in environments where this is appropriate, both removes the incentive for such acts by the curious and makes them aware of the power and responsibility of such privileges. It also encourages them to learn about system administration, which tends to result in more responsible and better educated users. Finally, it personalizes the computer as a domain over which they have control, and therefore, interest. People with the root password will often take active measures to *protect* their systems from damage, and they become vital resources because of their knowledge in times of crises.

Yes, I understand fully that this isn't appropriate in all environments.

In the most productive development environments I know about, everyone has the root password to at least their own machine, and network-mounted file systems use uid mapping to prevent damage to critical resources. In addition, a non-development, "production" machine is used to supply truly critical resources. It works very very well, and enables a development group to customize their environment for maximal development effectiveness.

Jon Shapiro