Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!unmvax!turing.cs.unm.edu!mike
From: mike@turing.cs.unm.edu (Michael I. Bushnell)
Newsgroups: comp.mail.headers
Subject: Re: administration fascism
Message-ID: <2264@unmvax.unm.edu>
Date: 4 Feb 89 21:53:51 GMT
References: <412@execu.UUCP> <7094@xanth.cs.odu.edu> <412@avsd.UUCP> <1715@helios.ee.lbl.gov> <445@avsd.UUCP> <2253@unmvax.unm.edu> <608@uva.UUCP>
Sender: news@unmvax.unm.edu
Reply-To: mike@turing.cs.unm.edu (Michael I. Bushnell)
Organization: University of No Money, Albuquerque, New Mexico
Lines: 31

In article <608@uva.UUCP> dik@uva.UUCP (Casper H.S. Dik) writes:

>Hmmm... you must trust your users very much.
>People can not only steal other people's mail, but can add an alias like
>myalias: |/myhome/myprogram

Our goal for security is to prevent users from doing accidental damage.
We can restore the system from tape in a matter of hours--with little
loss of data. The offending person is easily determined, and we can
easily use administrative means to can them.

>The program /myhome/myprogram will be executed with the uid sendmail uses
>for untrusted mailers. If it is daemon (it is on my systems) the user
>could then 'do some things I will not disclose here' and become root
>in a matter of minutes.

In the interests of letting people know what we mean, you could, for
example, modify the atq and have jobs executed as root. The atq is, on
most systems, owned by daemon, so daemon can modify it and have jobs run
under any uid.

>At that point he can do more damage to your system than you can repair
>in the time saved by letting your users edit /usr/lib/aliases.

As I said, not too much damage. We don't worry. Administrative control
is far better than online security.

Michael I. Bushnell            \  This above all; to thine own self be true
GIG!                            \  And it must follow, as the night the day,
mike@turing.cs..unm.edu         /\ Thou canst not be false to any man.
Hmmmm..............            /  \ Farewell: my blessing season this in thee!
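As an added, defender-side illustration that is not part of the original thread: a small audit script that parses a sendmail-style aliases file (continuation lines, comments, comma-separated recipients) and flags every entry that makes the mailer run a program, read an :include: list, or deliver into a file, i.e. the kind of "myalias: |/myhome/myprogram" entry discussed above. The aliases content below is constructed for the example; the paths are illustrative only.

```python
import re

# Constructed sample aliases file in the /usr/lib/aliases format the thread
# discusses. The entries and paths are made up for this example.
SAMPLE_ALIASES = """\
# system aliases
postmaster: root
MAILER-DAEMON: postmaster
staff: alice, bob,
       carol
myalias: |/myhome/myprogram
digest: :include:/usr/local/lists/digest-members
archive: /var/mail/archive
"""


def parse_aliases(text):
    """Return {alias: [recipient, ...]} with comments dropped and
    whitespace-led continuation lines joined onto the previous entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.rstrip())
    table = {}
    for line in logical:
        name, sep, rhs = line.partition(":")  # first colon ends the alias name
        if not sep:
            continue
        # Simple comma split; a quoted command containing a comma would need
        # a real tokenizer, which this audit deliberately does not attempt.
        table[name.strip()] = [r.strip() for r in rhs.split(",") if r.strip()]
    return table


def risky_aliases(table):
    """List (alias, kind, target) for recipients that are not plain addresses:
    '|program' runs a command as the untrusted-mailer uid, ':include:' reads a
    file the alias owner controls, and '/path' appends mail to a file."""
    findings = []
    for name, recips in table.items():
        for r in recips:
            if r.startswith("|"):
                findings.append((name, "program", r[1:].strip()))
            elif r.startswith(":include:"):
                findings.append((name, "include", r[len(":include:"):].strip()))
            elif r.startswith("/"):
                findings.append((name, "file", r))
    return findings


if __name__ == "__main__":
    for alias, kind, target in risky_aliases(parse_aliases(SAMPLE_ALIASES)):
        print(f"{alias}: {kind} -> {target}")
```

Run against a real aliases file by reading it into parse_aliases; anything reported as "program" deserves the same scrutiny as a setuid binary, since it runs with whatever uid sendmail gives untrusted mailers.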