Re: Re: In Praise of Dos (RE: Mutt & tmp files)

To: debian-security@lists.debian.org
Subject: Re: Re: In Praise of Dos (RE: Mutt & tmp files)
From: ralphtheraccoon <ralphtheraccoon@uk2.net>
Date: Mon, 19 Nov 2001 22:28:00 +0200 (EET)
Message-id: <[🔎] 200111192028.fAJKRpr16055@mail0.spidernet.net>
In-reply-to: <[🔎] Pine.LNX.4.33.0111191054450.2770-100000@inconnu.isu.edu>
References: <[🔎] Pine.LNX.4.33.0111191054450.2770-100000@inconnu.isu.edu>

Hi,

> >Root Is God. This is a multi-user, full-time, "networked" device. Root
> >bears the responsibility of everything that happens to that machine.
> >They are answerable to everyone, not just one user.
>
> No, root had best not be god.  NSA Rainbow book pretty much states that
> for C systems that the administrator should be able to delete files, but
> may not necessarily be able to read them.  In a B system, administrative
> duties are dealt with by a committee, no one of which may necessarily
> have permissions to read a file, but all in concert must be able to
> delete.  You're missing a large point here: root doesn't have to have RWX
> access on everything to be able to do their job, -WX may do the trick.

It depends what you want "root" to be, really. If you are after a machine which you 
are IN CONTROL of, mostly with only you using it, then root being in total charge of 
everything is perhaps OK. So its not good from a security point of view, but if you dont
want security to be your top priority, then its, AFIAK, no big deal. You dont have a lot of
users about who may try and break your system, so user-level security (eg wheel/sudo/etc)
isnt as much effort as you need on a 5000 user uni. server.

> >For all its faults, Dos taught us what it was like to be in complete
> >control of ones own machine. No other users, no daemons, no "services".
> >Programs ran in a vacuum. I really like such control for single-user
> >machines from a security standpoint, even though I prefer the
> >functionality of Linux.
> 
> No, DOS taught us how to allow for a system to be compromised at the drop
> of a hat.  If you have unquestioned authority over your system, others can
> have it too.

and anyway, if you like a machine like that, set your linux box to have no cron or anything like that,
auto-loggin for root, single terminal, and only one user (root) which you do everything with. Like DOS
except easier to use. Linux can be both secure and multiuser (unlike DOS) or totally insecure and single user
(like DOS). Its still linux, even if it doesnt comply to RFC x and Security standard y. The point is, a Linux box
can be set up however you want, and root is (until you limit him/her/them) totally in charge. and you can change 
even that.

MadProf - 

I dont care about security. So root me.------------------------------
Wot? No Coffee?

Reply to:

References:
- Re: In Praise of Dos (RE: Mutt & tmp files)
  - From: John Galt <galt@inconnu.isu.edu>

Prev by Date: Re: In Praise of Dos (RE: Mutt & tmp files)
Next by Date: Re: In Praise of Dos (RE: Mutt & tmp files)
Previous by thread: Re: In Praise of Dos (RE: Mutt & tmp files)
Next by thread: Re: In Praise of Dos (RE: Mutt & tmp files)
Index(es):
- Date
- Thread