On Thu, Jan 11, 2007 at 03:06:33AM EST, Andrei Popescu wrote:
> On Wed, 10 Jan 2007 17:52:18 -0500
> cga2000 <[EMAIL PROTECTED]> wrote:
>
> > Mind you, and this is not directly related to the above, I sometimes
> > have this bizarre feeling that much of this awkwardness we have to
> > deal with -- in X certainly .. but from the Linux console as well,
> > albeit to a lesser extent -- eventually boils down to the *NIX model
> > not having been designed from the ground up with security in mind.
>
> Huh?
Well, here's what the authors of The UNIX Haters' Handbook have to say as a preamble to Chapter 12, "Security -- Oh, I'm Sorry Sir, Go Ahead, I Didn't Realize You Were Root":

"The term "Unix security" is, almost by definition, an oxymoron because the Unix operating system was not designed to be secure, except for the vulnerable and ill-designed root/rootless distinction. Security measures to thwart attack were an afterthought. Thus, when Unix is behaving as expected, it is not secure, and making Unix run "securely" means forcing it to do unnatural acts. It's like the dancing dog at a circus, but not as funny -- especially when it is your files that are being eaten by the dog."

True, the book was published over ten years ago (with contributions from respected security maven Simson Garfinkel) .. but regarding the nixes' security model and this root/rootless business I can't see that anything much has changed.

> > I just cannot see why you should need something extreme such as root
> > access to install/maintain software.
>
> And let users install any malware they get across on the internet just
> because it popped up a window with "install me"?

Well .. the malware could be the installer itself, no..? It _is_ software after all. If I were up to no good that's exactly where I'd stick my mal-code.. only runs once .. under root, usually .. does its stuff .. removes itself.. and pop goes the weasel ..

Why should install programs run with the "extreme" privileges I mentioned earlier when it is totally unnecessary in the first place? Why risk compromising the entire system when you could limit the scope of the exploit to program maintenance/installation? Think large ships ... how they are designed to ensure that if the hull is breached .. water does not take over the entire vessel.

Besides, isn't this practice of switching to root whenever you install a program in clear violation of the first -- 2nd, 3rd .. ? principle of computer security .. ?? -- i.e. users of a given system should not be granted more privileges than necessary to perform the tasks that fall within the scope of their position. No reason I can think of why Joe Consultant should have read/write access to the company's payroll files or other confidential data when all he needs is permission to upgrade a couple of binaries in /usr/bin.

> > Maybe that with some contortions
> > this could be achieved within the *NIX security model by defining a
> > privileged group and making sure software packaging takes this into
> > account .. maybe not. Not for me to decide.
> >
> > :-)
>
> Of course this can be done. It's even not so difficult to set up using
> sudo.

I'm not really convinced. I'm no expert, but sudo does sound a bit like the "dancing dog at the circus" to me .. For one thing, KISS is another fundamental principle where system security is concerned and in this respect, sudo does not seem to go in the right direction.

Thanks.

cga
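The group-based sudo setup Andrei refers to, written out as an added example that is not part of the thread: a sudoers fragment that shows the weak "give the group a root shell" rule beside a rule narrowed to exact package-maintenance commands. The file name and the group name `pkgmaint` are assumptions.

```sudoers
# Assumed file: /etc/sudoers.d/pkgmaint  (install it with "visudo -f" so
# the syntax is checked before it takes effect).
# The group name "pkgmaint" is assumed; create it with "groupadd pkgmaint".

# Weak form: every member of the group gets unrestricted root, which is
# no better than handing out the root password.
# %pkgmaint ALL=(ALL) ALL

# Narrowed form: only the exact invocations listed below are permitted.
# A command listed with arguments must be invoked with exactly those
# arguments, so "apt-get update" cannot be turned into anything else.
Cmnd_Alias PKG_REFRESH = /usr/bin/apt-get update, \
                         /usr/bin/apt-get upgrade
Cmnd_Alias PKG_INSPECT = /usr/bin/dpkg -l, \
                         /usr/bin/apt-get check

%pkgmaint ALL=(root) PKG_REFRESH, PKG_INSPECT

# Deliberately absent: "/usr/bin/apt-get install *". A trailing wildcard
# matches any further arguments, options included, so it grants far more
# than the package name it appears to allow. If specific packages must be
# installable, list each invocation explicitly instead, e.g.:
# %pkgmaint ALL=(root) /usr/bin/apt-get install vim
```

Even in the narrowed form the listed commands still run as root, which is the point cga makes above: the rule limits who may start an install, not what the installer can do once it is running.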