Path: utzoo!utgpu!watmath!iuvax!mailrus!caen.engin.umich.edu!hobbes
From: hobbes@caen.engin.umich.edu (Steven J Mattson)
Newsgroups: comp.sys.next
Subject: Re: Security and defaults.
Message-ID: <43b721a8.19ac2@wasp.engin.umich.edu>
Date: 8 Jun 89 22:29:00 GMT
References: <4985@umd5.umd.edu>
Organization: U of M Engineering, Ann Arbor, Mich.
Lines: 106

From article <4985@umd5.umd.edu>, by feldman@umd5.umd.edu (Mark Feldman):
> It seems to me that most of the people complaining about NeXT security are
> somewhat frustrated, but for the most part calm.  The frustration comes from
> liking many aspects of the NeXT, but knowing that the next load of
> workstations to be purchased will be from Sun, DEC, or someone else, because
> NeXTs cannot be secured in a hostile (or just ignorant) environment.
>
> Making it easy to accidentally clobber a machine is nothing to brag about.
> The ability for any user to easily and arbitrarily change the date and time
> -- functions as important to the security, integrity, and correct operation
> of a UNIX box as file permissions -- is a mis-feature.  Joe user probably
> doesn't know the consequences of this action.  If a user is allowed to make
> such a mistake without being forced to become root (knowing that actions
> taken as root can have severe consequences), he may injure himself, other
> users on the same machine, and the aftermath will eventually get back to me
> as a NeXT support consultant.
>
> It's not so much ``my rules'' as common sense.  I'm not one for leaving the
> keys in the ignition and the engine running when I'm away from my car.  Most
> people aren't.  Why is it NeXT's default?  If someone knows enough about his
> environment, let him remove the safeguards, but don't make it the default.

You'd think with all of the possibilities available to people in this
newsgroup -- either directly here given that lots of people from Next
participate or through their sales reps -- to get their problems aired,
that someone would be able to civilly discuss their difficulties without
baselessly ripping into the company for self-gratification.  This whole
issue of security has read like a study in ineptitude.  Yes, I will back
this up:

1) Next is trying to produce a machine with native unix that has the
ease of use of a Macintosh.  Not an easy task, take A/UX for an example
if you care to, I don't.  Other than the lack of software, they've done
a fair job so far, but if people would stop flaming long enough to point
out problems then maybe it could be better.  For example, allowing
anyone who feels like it to change the system time on a unix machine is
incredibly stupid, I agree.  So tell Next to take it out or at least
protect it from casual stupidity.  But as another example, allowing
BuildDisk to run suid is not quite as stupid, if your system is
standalone on someone's desk.  If you want to be able to initialize a
disk, pop it in and do it.  Preventing people from building the disk
they're currently booted off of is more a concern.  Next has
consistently said that they want to hide the unix from people as much as
possible.  Their machines come configured for standalone use, with
*absolutely nothing* restricted from the user who sets up the machine.
If this is how you leave the machine (and if you're not on a network,
why not?) then for the most part it is no easier or harder to trash than
a Mac.

2) Even when on a network, Nexts are still set up to make network
configuration for a small homogeneous network as painless as possible.
I think this is as it should be if Joe Prof. is going to buy one.  Do
you think he has enough knowledge of unix to get the thing up and
running in a massive heterogeneous environment anyway?  Not the Profs
around here.
No unix box was ever plug and play out of the case.  Gee, maybe that's
why they wanted to have campus support people?

3) There are two sets of people losing their heads consistently in this
group.  The first group can't wait to get their hands on sources so they
can see which calls Next used to write stuff, and then they'd probably
complain about the order of parameters or something of equal redeeming
value.  They said it wasn't going to happen unless you had a good
reason, find one.  The second set can't flip an suid bit to save their
skins.  If the machine doesn't come up perfectly for their environment
as a default, then screw it and its relatives for a thousand
generations.  Maybe if some of the overunixed people smashed their heads
into those of the underunixed we could all get some work done.

Another example:  Using the same software techniques that Sun
administrators use to prevent access to the singleuser boot, we've had
Nexts in PUBLIC labs for people to try out since late December.  Every
once in a while someone would have to go reboot one (a 0.8 trademark)
but the security of the machine or the network was never an issue.  Some
of us even reported the need to be able to protect this more easily to
those Next people who kept coming around asking what our problems were.

4) Need I remind you all that we're talking about a BETA machine here.
People seem to keep forgetting that the software release they're running
has a major version number of "0".  As I see it, the whole point of this
massive and unprecedented beta test was to help them make a "final
product" that would better meet the needs of their market than anything
that exists so far.  There is no final product yet, people.  People very
eager to have one here on campus have asked me whether or not they
should buy a Next now.  I have consistently said, "No.  Wait until 1.0
comes out and the machine is stable, or if you need something now, go
ahead and buy someone else's."
There is nothing tragic about recommending that a user buy something
that works.  If you're all as hot on the Next as you say you are, then
maybe you could spend some more time beta testing and less time flaming
to make 1.0 a better final product.  In the meantime all of you eager
beavers could be looking for things that might potentially harm the
system and informing CALMLY both Next and the rest of us so that we can
take steps to protect ourselves from disaster.

I think I've stated my point enough here.  You all have a chance to make
a difference, but instead you spend all day flaming Next for their
supposed stupidity with comments that if you took the time to think
about it you'd realize something:  Everything you say either applies to
other vendors as well, or is a complaint about an attempt Next has made
to solve problems that other vendors have as givens.  I've been just as
pissed at the machine as any of you on occasion, but they've said
they're going to fix things so I report 'em and put up workarounds for
the users here.  Real tough to do.  Save your flames for worthwhile
problems.

-Steve Mattson
Computer Aided Engineering Network      These are MY opinions,
University of Michigan                  if you don't agree with them,
hobbes@caen.engin.umich.edu             piss off.