Re: Root is God? (was: Mutt & tmp files)

To: debian-security@lists.debian.org
Subject: Re: Root is God? (was: Mutt & tmp files)
From: martin f krafft <madduck@madduck.net>
Date: Fri, 23 Nov 2001 10:44:53 +0100
Message-id: <[🔎] 20011123104453.B1847@fishbowl.madduck.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20011118175929.B25179@chiba.dyndns.org>
References: <[🔎] 20011115191101.B21932@axon-e.de> <[🔎] 20011115102833.A22221@crdic.ath.cx> <[🔎] 20011115234631.A7910@pandora.plagegeister.de> <[🔎] 20011116041316.J634@plato.local.lan> <[🔎] 20011116143630.A24998@stinky.trash.net> <[🔎] 20011118170621.D16509@fishbowl.madduck.net> <[🔎] 20011118175929.B25179@chiba.dyndns.org>

* Mathias Gygax <mg@trash.net> [2001.11.18 17:59:29+0100]:
> > thanks, you just made me laugh!
> you set lamer detector to orange.

alright, so my first step is to scale back and *not* flame. i am sorry
for posting my sarcastic comment.

i shall now try to sum up my points. we have been talking about
creating a system, in which even root can't do everything. in doing
so, we stumbled upon a problem of definition, because "root" can
either define to the line in /etc/{passwd,shadow} -- the user with UID
0, or it can define to the more abstract concept of system
administrator  or "root" of a system.

let me put it this way: historically, root is the center of a unix
system, well, the root. root is the only account that comes
"pre-installed", root's password is defined during installation.
again, historically, there is *nothing* that root cannot do.

there exist a collection of kernel patches and other goodies, which
take some of that responsibility away from root. now, it doesn't
matter what the definition is, someone installs these and that someone
can very well change them again. whether that someone is "root"
him/herself, or the "owner" of the system, who wants to make lilfe
easier for the chap that was appointed "root", there is *still*
someone in total control over the system. in such a case, "root"
merely slides down one level in the hierarchy, but the point is, you
cannot lose control over your own computer system.

therefore, any argument against "root is god" is futile and useless.
it *does* boil down to "if you don't trust the person owning the
server, don't use that machine," and i would be *very* interested to
hear actual arguments against that.

now, i realize that i've been saying things that have been said over
and over in this thread, but maybe mathias is right, maybe i am just a
lamer and a dork, and shouldn't be using computers anyway. i will
happily consider to give up this job of mine and go into the monastery
as soon as someone gives me one scenario in which i am using a
computer that i do not own (as was the setup at the beginning of the
thread), which i can use in a secure manner *without* the owner (or
root) of that machine ever possibly able to spy on me.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
as i was going up the stair
i met a man who wasn't there.
he wasn't there again today.
i wish, i wish he'd stay away.
                                                       --hughes mearns

Attachment: pgpaIan8InT8b.pgp
Description: PGP signature

Reply to:

References:
- Mutt & tmp files
  - From: Florian Bantner <f.bantner@axon-e.de>
- Re: Mutt & tmp files
  - From: Craig Dickson <crdic@yahoo.com>
- Root is God? (was: Mutt & tmp files)
  - From: "Mark Weinem" <mark.weinem@uni-duisburg.de>
- Re: Root is God? (was: Mutt & tmp files)
  - From: Ethan Benson <erbenson@alaska.net>
- Re: Root is God? (was: Mutt & tmp files)
  - From: Mathias Gygax <mg@trash.net>
- Re: Root is God? (was: Mutt & tmp files)
  - From: martin f krafft <madduck@madduck.net>
- Re: Root is God? (was: Mutt & tmp files)
  - From: Mathias Gygax <mg@trash.net>

Prev by Date: Re: Root is God? (was: Mutt & tmp files)
Next by Date: filesystem errors
Previous by thread: Re: Root is God? (was: Mutt & tmp files)
Next by thread: Re: Mutt & tmp files
Index(es):
- Date
- Thread