[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

More on Security

    Date: Tue, 7 Nov 89 11:57 PST
    From: DMittman@robotics.jpl.nasa.gov (David Mittman)

    According to my sources, the Sun folk are worried that because
    their network connections between machines might be buggy and subject
    to break-in, they want to rely on console security to ensure that no
    unauthorized access to their Suns is made over the net.

That would mean that anyone who has an account on a password protected
machine would be authorized to access their Suns?!

I think there exist two levels of security which should be addressed:

1) making a machine secure against the wily intruder 

That's the case where our machines be it Unix or Lisp machines surely
are not secure as soon as a user aquires some knowledge of their inner
workings. Monitoring ethernets for interesting data, faking machines and
that all make it hard for current "security" schemes to offer real

2) making a machine secure against "accidental" misuse

I for my own part are more interested in password protection ("login"
and/or "gone") to keep someone from (maybe accidently) making a mess out
of my environment.

For example: as a system administrator here at GMD I use ACL's to keep
our sources read only (there's nothing more the current acl code is good
for anyway :-() -- before ACL's someone just by accident reloaded 7.0
sources on the server when we actually run 7.1 already. And poor me had
to find and get rid of all these unwanted files! I'm pretty busy doing
my regular work and just can do without such extra work.

Another one: I'm lucky to have my own office and this makes my Mac
secure enough for me, but a colleague of mine is located in more or less
public office and what do you think his Mac looks like when he's been
away for some hours? Chances are for rearranged folders, moved files,
new applications, changed default settings -- "Oh, I just wanted to
print my MS-FOO files from here, sorry!" My lispm and me lived in a
public office too "in the early days" of Release 4.x - 6.x and what do
you think how often someone said "Oh! sorry, just tried ... and it
crashed!  Had to cold boot it!" Funny? Naah.

Locking the keyboard in a drawer would be a clumsy way to keep them
away, a password for console access would be sufficient: they normally
don't reboot your machine in order to "just do this or that", so
h-c-function would be no hole as long as a warm boot would ask for the
password when enabled.

That's just how life works when there are a lot of so called end-users
around and knowledgable hackers are the minority.

So Symbolics, please provide some basic protection for case 2) in Genera
8.0 and maybe document it as clearly not being sufficient for case 1)