Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!mcvax!hp4nl!mhres!jv
From: jv@mh.nl (Johan Vromans)
Newsgroups: comp.unix.wizards
Subject: Re: GNU, security, and RMS
Message-ID: <JV.89Jun5101941@mhres.mh.nl>
Date: 5 Jun 89 16:19:41 GMT
References: <106326@sun.Eng.Sun.COM> <422@ladcgw.ladc.bull.com> <13688@ncoast.ORG> <15812@vail.ICO.ISC.COM> <2322@thor.acc.stolaf.edu>
Sender: jv@mhres.mh.nl
Reply-To: Johan Vromans <jv@mh.nl>
Organization: Multihouse Gouda, the Netherlands
Lines: 35
In-reply-to: mike@thor.acc.stolaf.edu's message of 3 Jun 89 04:48:46 GMT

> From: mike@thor.acc.stolaf.edu (Mike Haertel)
> As for my beliefs on the subject:
> 
> (1) Anyone who thinks a UNIX-compatible system can be `secure' has
>     some serious delusions.  Timing windows and covert channels abound.

Agreed. This could need some improvements.

> (2) There should not be security among the users of a computer system.
>     [...]   (I agree that in some situations it is reasonable
>     to have security to keep out outsiders, though.)

Agreed.

>     The principal use I have seen security put to has been the self-
>     aggrandizement of system administrators at the expense of the
>     user community.

One of the reasons for security is to protect users against
themselves. On most of the systems we run most users know how to
become root if they want or need to. But when you're super user, you
have to be extremely careful not to mistake or to mistype. 

I am not afraid that any other user will deliberately mistreat my
data, I'm just afraid of accidents. And humans make mistakes, you know.

> Mike Haertel <mike@stolaf.edu>

Johan Vromans <jv@mh.nl>

--
Johan Vromans			 jv@mh.nl via european backbone (mcvax)
Multihouse Automatisering bv		uucp: ..!{mcvax,hp4nl}!mh.nl!jv
Doesburgweg 7					  phone: +31 1820 62944
2803 PL Gouda - The Netherlands			    fax: +31 1820 62500