Xref: utzoo news.sysadmin:1396 comp.unix.wizards:12347
Path: utzoo!attcan!uunet!mcvax!enea!suadb!anders
From: anders@suadb.UUCP (Anders Björnerstedt)
Newsgroups: news.sysadmin,comp.unix.wizards
Subject: Re: How to stop future viruses.
Message-ID: <556@suadb.UUCP>
Date: 11 Nov 88 12:15:36 GMT
References: <16722@agate.BERKELEY.EDU> <2178@cuuxb.ATT.COM>
Reply-To: anders@suadb.UUCP (Anders Björnerstedt)
Organization: University of Stockholm, Sweden
Lines: 39

I would like to add:

6. A less blunt use of the set-user-id mechanism. Sendmail apparently needs to do rights amplification, but I don't see why it needs superuser rights. The uucp binaries have their own owner/domain "uucp". Why can't the binaries related to mail have a similar domain "mail"? I am sure there are other suid programs which are today owned by root, but which don't actually need full superuser privileges.

7. It should be *possible* to physically write-lock filesystems, including the root file system. The disk write lock could perhaps be used, but the fact that it is tied to a device usually creates problems. What is needed is a physical toggle for a logical concept: secure filesystems. It should be possible to place stable things like system programs in file systems marked "secure". The kernel (which would itself be placed in a secure filesystem) would only allow writes to a secure filesystem if a physical toggle was in the "open" position. Normally the toggle would be in the closed position. The toggle is opened only when changes are really needed, and requires a person to physically do it on-site. Sometimes this would be perceived as an inconvenience, but for those willing to pay the price it should be possible.

------------------------------------
Anders Bjornerstedt
Department of Computer & Systems Sciences
University of Stockholm
S-106 91 Stockholm
Sweden
INTERNET: anders@sisu.se OR anders%sisu.se@uunet.uu.net
UUCP: {uunet,mcvax,cernvax}!enea!sics!sisus!anders
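The audit implied by point 6, as an added example that is not part of the original post: list the set-user-id programs on a system and separate those that confer full superuser rights (owned by root) from those that only confer a dedicated domain such as "uucp" or "mail". The input shape, "owner path" per line, is what GNU find's `-printf '%u %p\n'` produces; the sample listing below is constructed for illustration and does not describe any real system.

```sh
#!/bin/sh
# Added example (not from the original post): classify set-user-id binaries by
# the account whose privilege they hand out. Each input line is "owner path",
# the shape of:  find / -perm -4000 -type f -printf '%u %p\n'   (GNU find)
# On systems without -printf, `find / -perm -4000 -type f -exec stat -c '%U %n' {} +`
# gives the same shape. The SAMPLE listing below is constructed, not real data.

# Print only the setuid programs that run with full superuser rights.
root_suid() {
    awk '$1 == "root" { print $2 }'
}

# Print setuid programs whose owner is a dedicated domain (uucp, mail, ...),
# i.e. the "less blunt" use of the mechanism: owner first, then path.
domain_suid() {
    awk '$1 != "root" { print $1, $2 }'
}

# Number of root-owned setuid programs in the listing read from stdin.
count_root_suid() {
    root_suid | wc -l | tr -d ' '
}

# Constructed sample listing: two root-owned setuid programs, three that use a
# dedicated owner/domain instead of root.
SAMPLE='root /usr/lib/sendmail
uucp /usr/bin/uucp
uucp /usr/bin/uux
root /bin/passwd
mail /usr/bin/mail'

# Live use would be:  find / -perm -4000 -type f -printf '%u %p\n' | root_suid
printf '%s\n' "$SAMPLE" | root_suid
printf '%s\n' "$SAMPLE" | domain_suid
```

Every path printed by `root_suid` is a program whose bugs are full-superuser bugs; the ones printed by `domain_suid` are bounded by whatever the named domain account can reach, which is the distinction the post draws between sendmail and the uucp binaries.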