
RE: Does Security matter at all?



> "Thomas Bushnell, BSG" wrote:
> > 
> 
> > At MIT, we took the approach long ago that physical access was enough
> > to give total power over the machine.
> > 
> > So we built a network infrastructure of services that assumed that
> > users in clusters had root, we published the root password (originally
> > it was published in the papers that described the Athena system), and
> > we set the users free.
> 
> That is not unreasonable at a University environment, provided that the
> users are responsible and fairly well trained.  We (EE dept at FIT) gave
> out the root password fairly liberally (mostly because people wouldn't
> use SCCS correctly) and ended up with a lot of "minor" errors - like
> having all the SCCS code erased, having /usr/local/bin erased, and
> having all the webpages erased.  And these were the users we trusted.

I think the issue is that at MIT, they designed the infrastructure so
knowing root wouldn't matter, wouldn't compromise the security of the
networked infrastructure.  Even at MIT, they can't assume that the
students/users are responsible, well trained, or trusted.  I think that part
of the thought process was that -especially- at MIT, you would have lots of
people who would take it as a challenge to break the security
infrastructure.  

> 
> At a work environment, this is simply not acceptable in general.
> 
> ymmv,
> Christopher


