Path: utzoo!attcan!uunet!cs.utexas.edu!rutgers!rochester!pt.cs.cmu.edu!wb1.cs.cmu.edu!avie
From: avie@wb1.cs.cmu.edu (Avadis Tevanian)
Newsgroups: comp.sys.next
Subject: Re: Security and defaults.
Message-ID: <5169@pt.cs.cmu.edu>
Date: 9 Jun 89 03:49:54 GMT
References: <4985@umd5.umd.edu> <43b721a8.19ac2@wasp.engin.umich.edu>
Organization: NeXT, Inc.
Lines: 37

From article <4985@umd5.umd.edu>, by feldman@umd5.umd.edu (Mark Feldman):
> Making it easy to accidentally clobber a machine is nothing to brag about.

When we ship a machine, we need to make sure that it works for a standalone,
naive user.  This is why applications like BuildDisk and Preferences are
shipped setuid.  If you need to add a machine to an administrative domain
under your control, and you would like to eliminate the potential problems
these applications cause, then you must sanitize the machine.

For example, it is trivial to disable the setuid bit on Preferences... it
is already set up to handle this and allows a user to set anything except
those things that require root access (date/time/boot device/...)... at
least in 1.0 (I'm not sure about 0.9).  If you are afraid of someone logging
into a machine and doing a BuildDisk on it, then you remove the BuildDisk
application.

There are always going to be applications that seem to be overly privileged
as shipped --- this is necessary to handle that naive, standalone user.
I think it would be valuable; however, to get feedback on any area where
system administrators feel they can not protect their system.  I will then
attempt to make sure that we can find solutions to get into 1.0.  Remember,
though, you have to be willing to go to the effort to turn off a setuid
bit here or there (or some similar thing).

I also think it would be very valuable to put together a list of things
that a system administrator might want to do (e.g., disable setuid on
Preferences, remove BuildDisk, ...) and make it available to other system
administrators.  Perhaps someone out there would like to be the collection
point for this.

Feel free to send me information along these lines at avie@next.com.

-- 
Avadis Tevanian, Jr.    (Avie)
Manager, System Software Group / Chief Operating System Scientist
NeXT, Inc.
avie@cs.cmu.edu or avie@NeXT.com
--