Path: utzoo!attcan!uunet!ficc!peter
From: peter@ficc.uu.net (Peter da Silva)
Newsgroups: comp.unix.wizards
Subject: Re: Getting rid of the root account
Message-ID: <4499@ficc.uu.net>
Date: 11 Jun 89 22:59:41 GMT
References: <127@orchid.warwick.ac.uk> <16659@rpp386.Dallas.TX.US>
Organization: Xenix Support
Lines: 21

In article <16659@rpp386.Dallas.TX.US>, jfh@rpp386.Dallas.TX.US (John F. Haugh II) writes:
> Consider for a moment a `mount' program...

> The alternative is to grant the mount program `MOUNT' privilege
> _and_ use permission bits....

A perfect example of why this is a red herring.

So, you're saying that if you break that 'mount' program all you've broken
is protecting the 'MOUNT' privilege, and root is still secure.

But as soon as you get MOUNT privilege you can mount a file system containing
a program with any other privilege you want... and you have the keys to the
kingdom again. ROOT lives... it's just called 'MOUNT'.

So why be complex when you can be simple?
-- 
Peter da Silva, Xenix Support, Ferranti International Controls Corporation.

Business: uunet.uu.net!ficc!peter, peter@ficc.uu.net, +1 713 274 5180.
Personal: ...!texbell!sugar!peter, peter@sugar.hackercorp.com.