Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!athena.mit.edu!tytso From: tytso@athena.mit.edu (Theodore Y. Tso) Newsgroups: comp.sys.next Subject: Re: NeXT concerns Message-ID: <8982@bloom-beacon.MIT.EDU> Date: 28 Jan 89 06:38:16 GMT References: <4474@umd5.umd.edu> <3231@ima.ima.isc.com> <4476@umd5.umd.edu> Sender: daemon@bloom-beacon.MIT.EDU Reply-To: tytso@athena.mit.edu (Theodore Y. Tso) Organization: Massachusetts Institute of Technology Lines: 62 In article <4476@umd5.umd.edu> feldman@umd5.umd.edu (Mark Feldman) writes: >There is no way to prevent a user from booting off the optical or prevent >them from booting in single-user mode. This means that anyone can become >root. Prventing someone from going root helps security somewhat (anything >that you can throw in their path is helpful), but not too much as any PC user >can go ``root''. What we need is authentication, so we decide to put MIT >Project Athena's Kerberos authentication systems on the NeXT. Uh oh, no OS >source. We're stuck. We at MIT have managed to get Kerberos up and running on the NeXT. Since Berkeley has released the networking code, it is possible to get a Kerberized rlogin, rsh, etc. This will also allow you not to be screwed over by Sun's yellow pages. MIT Project Athena's Hesiod (a general-purpose name service layered on top of named --- our answer to yellow pages) also more or less dropped right in. Kerberos and Hesiod are available by anonymous FTP from ATHENA-DIST.MIT.EDU. >In article <3231@ima.ima.isc.com> johnl@ima.UUCP (John R. Levine) writes: > >Good point! Now if only the person sitting at the NeXT could manipulate the >optical without having to become root. And while we're sitting in front of >the NeXT, it would be nice if the user at the NeXT could prevent other users >from popping up windows and making sounds, again, without becoming root. We've also gotten MIT Project Athena's "attach" program running on the NeXT. It uses Kerberos and Hesiod (although neither is strictly necessary), it allows users to mount and umount NFS file systems by commands such as "attach games", where hesiod expands "games" to "NFS /mit/lockers/games m4-035-w.mit.edu w /mit/games", which attach interprets and Does The Right Thing with it. I will be shortly extending attach also deal with UFS file systems, such as the optical disk. I will also be shortly (tonight) be extending attach to restrict what users can mount and where they can mount things. Attach has not been exported by Project Athena yet; but if anybody is interested, let me know. >If the Internet virus of months back happened now and was a NeXT virus, we >would be forced to disable much of the networking software or turn our NeXTs >off until receiving updates from NeXT. As it happened, our systems staff >had the necessary source and quiclky put out fixed software. We are a >networked campus with many network services, including NTP (network time >protocol) time. We have expertise in both UNIX and NTP -- the UNIX NTP >daemon was written here. When the people who wrote the UNIX NTP daemon >tried to port it to the NeXT, it hung. Some nasty Mach/networking bug >causes the NeXT to forget all of its interrupts or go into a very tight >kernel loop. Whateve the case, the NeXT hangs. Can we fix it? Can we find >the OS bug and report it to NeXT (helping them!)? No. We don't have the >necessary source. Actually, when I tried running ntpd, not only did it managed to crash the system, it stomped all over the (I assume) non-volitile memory where the boot preferences are stored. Fairly impressive bug. I seriously hope that the NeXT people are paying attention, and that the higher management (like Jobs) actually reads some of this. Believe it or not, Apple may actually be more reasonable with A/UX sources than NeXT is. NeXT can ill-afford to alienate the developers by being so obnoxious on the source code issue..... =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Theodore Ts'o bloom-beacon!mit-athena!tytso 3 Ames St., Cambridge, MA 02139 tytso@athena.mit.edu If it's for real, it isn't!