Re: Does Security matter at all?

To: "Thomas Bushnell, BSG" <tb@MIT.EDU>
Cc: Remco Blaakmeer <remco-blaakmeer@quicknet.nl>, Debian Developers List <debian-devel@lists.debian.org>
Subject: Re: Does Security matter at all?
From: "Christopher W. Curtis" <ccurtis@aet-usa.com>
Date: Wed, 05 Jul 2000 11:20:27 -0400
Message-id: <[🔎] 3963523B.B26BB6B1@aet-usa.com>
References: <[🔎] Pine.LNX.3.96.1000704234208.4042C-100000@rd1936.quicknet.nl> <[🔎] u1hd7ktkzez.fsf@pusey.mit.edu>

"Thomas Bushnell, BSG" wrote:
> 

> At MIT, we took the approach long ago that physical access was enough
> to give total power over the machine.
> 
> So we built a network infrastructure of services that assumed that
> users in clusters had root, we published the root password (orignally
> it was published in the papers that described the Athena system), and
> we set the users free.

That is not unreasonable at a University environment, provided that the
users are responsible and fairly well trained.  We (EE dept at FIT) gave
out the root password fairly liberally (mostly because people wouldn't
use SCCS correctly) and ended up with a lot of "minor" errors - like
having all the SCCS code erased, having /usr/local/bin erased, and
having all the webpages erased.  And these were the users we trusted.

At a work environment, this is simply not acceptable in general.

ymmv,
Christopher

Reply to:

References:
- Re: Does Security matter at all?
  - From: Remco Blaakmeer <remco-blaakmeer@quicknet.nl>
- Re: Does Security matter at all?
  - From: tb@MIT.EDU (Thomas Bushnell, BSG)

Prev by Date: Re: SECURITY PROBLEM: autofs [all versions]
Next by Date: RE: Does Security matter at all?
Previous by thread: Re: Does Security matter at all?
Next by thread: Re: Does Security matter at all?
Index(es):
- Date
- Thread