Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!previous.eng.ohio-state.edu!jgreely
From: jgreely@previous.eng.ohio-state.edu (J Greely)
Newsgroups: comp.sys.next
Subject: Re: time zones
Keywords: time zone setting next bugs features
Message-ID: <51400@tut.cis.ohio-state.edu>
Date: 8 Jun 89 01:39:54 GMT
References: <11408@megaron.arizona.edu> <5139@pt.cs.cmu.edu> <1178@garcon.cso.uiuc.edu> <51362@tut.cis.ohio-state.edu> <2333@blake.acs.washington.edu>
Sender: news@tut.cis.ohio-state.edu
Reply-To: J Greely
Distribution: usa
Organization: Ohio State University Computer and Information Science
Lines: 68

In article <2333@blake.acs.washington.edu> mrc@Tomobiki-Cho.CAC.Washington.EDU
(Mark Crispin) writes:
>     There is no security against anyone who has physical access to
>the console.  Hell's bells, you can hit double-COMMAND-` to get an NMI
>interrupt, halt the machine, and then boot it any way you want.  I'm
>no Unix wizard, but I know how to give myself superuser access to any
>NeXT I can lay my hands on, even without an account.

Yup, and that's one major reason we won't buy them.  We currently use
Suns in both student labs and faculty offices, all sharing the same
filesystems.  What you might call a "hostile environment".  The same
problems exist on our suns, but with 4.x, if the console is not marked
secure you can't boot single-user without the root password, and root
logins are not permitted.  NeXT has done part of that, but marking the
console as not secure does nothing to prevent arbitrary users from
booting single-user.  Oops.

There are other fun things that can be done with the ROM monitor, most
of which are too complex for the average undergrad, but the
combination of:
  a) user-creatable system disks,
  b) magical ownership of all files on an optical, and
  c) the ability to set the boot device in a "user-friendly fashion",
allows people to break into the machine without ever leaving the
user-friendly, bells-and-whistles window system.  Bad enough having
people breaking in, but at least with most systems they have to know
*something* to do it!  NeXT has created "security holes for the rest
of us."

>Is anyone using NeXTs as ordinary Unix
>timesharing boxes??

I use the NeXT on my desk as a workstation, interacting with our
network as a "trusted peer".  It exports a filesystem, it mounts 56
file systems from other hosts, it uses the same password and group
files, and looks like just another Unix box to other machines.  The
only reason I allow it to operate in this fashion is because the
console sits in my office, over which I have some reasonable
guarantees about security.  In contrast, we have labs that contain
large numbers of Suns for student use, and access to their consoles
doesn't lower our security drastically.  I'd like to make a machine
like the NeXT available for use by ordinary people, but I don't trust
it in a public location.

>     The bottom line remains that anyone can do anything on the
>console, at least until NeXT comes out with a model that lets you lock
>out the NMI interrupt or typein to the boot ROM (e.g. by key).

Sun's solution to the ROM monitor problem was to make replacement
chips that required a password to do anything other than continue.
This would be acceptable for solving that problem (and, I think,
preferable to adding a key).

>So,
>why not assume that anybody you allow to use your NeXTs is going to be
>a responsible individual, albeit someone may need to be told what
>*not* to do.  Anyone you can't trust not to do bad things in
>Preferences (once instructed on what not to do at your installation)
>can't be trusted with physical access to a NeXT console either.

Well, let's see.  Of the 2000 or so people who have accounts on our
Unix machines, the number I trust "not to do bad things" is about 50.
This is equivalent to the support staff and system operators.  With
the fairly high turnover in population here (approximately 25% every 3
months), there will always be people who don't know what actions are
"disrecommended", or can't be trusted to not do them.  Easier to just
not buy the NeXT, which, right now, is the solution we'd choose.
-=-
J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely)