Re: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- To: Jacob Kuntz <email@example.com>, firstname.lastname@example.org
- Cc: email@example.com, John Goerzen <firstname.lastname@example.org>, email@example.com, Pierre Beyssac <firstname.lastname@example.org>, Samuel Tardieu <email@example.com>, Adam Di Carlo <firstname.lastname@example.org>, "Huneycutt, Doug" <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
- Subject: Re: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- From: Mike Touloumtzis <email@example.com>
- Date: Sat, 5 Feb 2000 12:24:09 -0800
- Message-id: <20000205122409.C2854@fiji.bluemug.com>
- In-reply-to: <20000205135352.C761@megabite.net>; from Jacob Kuntz on Sat, Feb 05, 2000 at 01:53:52PM -0500
- References: <20000205135352.C761@megabite.net>
On Sat, Feb 05, 2000 at 01:53:52PM -0500, Jacob Kuntz wrote:
> In the world of PCs, it's not uncommon to be able to take over a system
> by rebooting it. I have always assumed that people realize that no
> matter how the software is configured, if you have access to the
> physical hardware controlling it, you can do whatever you want with
> it. It's foolish to argue about this.
This is dogma of the security trade, and has been repeatedly stated
in this flamewar, often (IMHO) without much critical thought.
Here's another piece of security dogma: security isn't about making bad
things impossible, it's about making bad things unlikely (by raising the
energy barrier). The systems that originally brought up this discussion
have locked cases and are in a lab with video cameras. With a typical
Linux system, this would raise the barrier to breaking into the system
enough that students would typically not attempt it. With Debian,
it's possible to do it in a way that is not visible to the cameras.
I don't think this is an uncommon setup, either: Debian's manageability
advantages make it ideal for this kind of thing.
If the FBI or national equivalent wants to get at the computers, obviously
they will, but that wasn't the admin's concern. The admin's concern was
that Debian systems in this configuration contain a gotcha that is not
widely known (I admin an office full of Debian systems and never knew
about this) and which exhibits a behavior that similar systems don't.
A maximal install of a Debian system represents more information than
anyone can assimilate in a lifetime. People who run around saying
"it's an admin's responsibility to know his system" are copping out.
It's _Debian's_ responsibility to minimize the information complexity
of the system where possible by not willfully deviating from expected
behavior, since this means that knowledge transfer from similar systems
(other Linux/Unix) is hindered.
P.S. Debian rocks! :-)