Re: In Praise of Dos (RE: Mutt & tmp files)

[John Galt <galt@inconnu.isu.edu>]

On Mon, 19 Nov 2001, Howland, Curtis wrote:

>To be blunt, I don't think one can entirely protect ones self from root,
>nor do I believe it's an "All Good" idea.
>
>Root Is God. This is a multi-user, full-time, "networked" device. Root
>bears the responsibility of everything that happens to that machine.
>They are answerable to everyone, not just one user.

No, root had best not be god.  NSA Rainbow book pretty much states that 
for C systems that the administrator should be able to delete files, but 
may not necessarily be able to read them.  In a B system, administrative 
duties are dealt with by a committee, no one of which may necessarily 
have permissions to read a file, but all in concert must be able to 
delete.  You're missing a large point here: root doesn't have to have RWX 
access on everything to be able to do their job, -WX may do the trick.

>For all its faults, Dos taught us what it was like to be in complete
>control of ones own machine. No other users, no daemons, no "services".
>Programs ran in a vacuum. I really like such control for single-user
>machines from a security standpoint, even though I prefer the
>functionality of Linux.

No, DOS taught us how to allow for a system to be compromised at the drop 
of a hat.  If you have unquestioned authority over your system, others can 
have it too.

>However, I also like the fact that when my wife's Win98 device crapped
>out and was sent to the shop for repair, it was no effort to simply
>"adduser x" . The beauty of a multi-user machine. She can get the
>functions she needs until her machine comes back, but she now has to
>trust me that I won't "less /var/spool/mail/x" as root.
>
>If you cannot trust root, don't use that machine for anything you want
>to be secure.

Probably a good dictum, but not really feasable in most cases.  Do you 
trust your ISP?  They have root on the system that forwards mail to you...  

>Curt-
>
>ps: From a personal perspective, I think Linux is about where Windows
>3.0 was. This is not a troll, just a usability thing.

Win 3.0 was broken and unusable, you know that?  The Win 3.0 -> 3.1 
upgrade was actually a usability patch kit, and propagated for free.  Win 
3.0 is the GUI equivalent to DOS 4: a version that MS would just as soon 
forget.

That being said, and assuming that you're not comparing linux to a 
broken version of Windows, So?  Win 3.X (I'd actually put the usability 
more in WfWG area myself) was the last usable system MS came up with IMHO.  
Win 3.X is the last system that had hardware requirements based on 
objective criteria and allowed the system control that you lauded in your 
main email.  Win 95+ started doing things for you, and NEVER does them the 
way they should be done.  Perhaps it just takes longer to do things 
right...


>-----Original Message-----
>From: Daniel D Jones [mailto:ddjones@riddlemaster.org]
>...  We're talking about trying to protect 
>yourself from legitimate root on a system where you're merely a user.
>-----
>
>
>

-- 
void hamlet()
{#define question=((bb)||(!bb))}

Who is John Galt?  galt@inconnu.isu.edu. that's who!