Path: utzoo!utgpu!watmath!uunet!umbc3!alex From: alex@umbc3.UMD.EDU (Alex S. Crain) Newsgroups: unix-pc.general Subject: Re: interesting behaviour. (followup) Message-ID: <1459@umbc3.UMD.EDU> Date: 20 Dec 88 16:19:30 GMT References: <1430@umbc3.UMD.EDU> <444@uncle.UUCP> <1437@umbc3.UMD.EDU> <598@happym.UUCP> Reply-To: alex@umbc3.UMD.EDU (Alex S. Crain) Organization: University of Maryland, Baltimore County Lines: 40 In article <598@happym.UUCP> kent@happym.UUCP (Kent Forschmiedt) writes: >In article <1437@umbc3.UMD.EDU> alex@umbc3.UMD.EDU (Alex S. Crain) writes: >> 3) I wasn't running any of the obvious security holes with the >>exception of no root password. > >When I read this, I laughed so hard I almost fell off of my chair... As I put things back in order, I've decided that I probably toasted myself, as opposed to sabatoge, and at this point I really don't care, but the above comment disturbes me. Since I have no untrusted users, and no dialins, I will maintain that I have no use for a root password. root exists so that I am protected from accidentaly hosing myself, and to keep the unskilled users out of the system areas (aka, my wife, etc). I *will not* be afraid of hackers, even if I did get wasted by one, simply because there is no reason why anyone would want to hurt me, and no excuse for it. Its not really a question of being security, but of being afraid. I have cracked systems before, and part of my job is system security on the university systems. I believe that it is simply impossible to prevent intrusion, and that the best way to combat it is to remove the need. Ie: at school I advocate an open system, making sources and utilities available as much as possible. If everyone gets what they want from the system, there is no reason to circumvent security. If someone cracked my system, they did it over uucp, and knew what they were doing. Since they had no way of knowing if I had a root password, they probably assumed that I did, and used some other hole. If they did that, then they know more about my system then I do, so a root password wouldn't help. Some would argue that this attitude will cost me someday, but I don't think so, and life without fear is worth the risk. -- :alex Alex Crain Systems Programmer alex@umbc3.umd.edu Univ Md Baltimore County nerwin!alex@umbc3.umd.edu