home *** CD-ROM | disk | FTP | other *** search
- From: peter@ficc.ferranti.com (peter da silva)
-
- In article <769@longway.TIC.COM> From: pkr@sgi.com (Phil Ronzone)
- > I'm not sure what the "DoD-style" words mean, but UNIX has been very deficient
- > for much serious commercial work due to the "simple-minded" approach it has
- > had.
-
- This may well be true. But for a large set of problems the existing UNIX
- security approach is quite sufficient. If you don't have the actual hardware
- secured it's overkill.
-
- > >Only if it's possible to turn everything off and go back to /etc/passwd
- > >and /etc/shadow, and a superuser. That way when something goes wrong you'll
- > >be able to boot from tape or floppy, edit a couple of files, and recover
- > >the system.
-
- > >Because something *will* go wrong.
-
- > I don't see what this has to do with security.
-
- I know of at least one case where a hard error in the user database for
- a system required sending a letter from the president of the user's
- company to the vendor to get them to explain how to regain access to the
- system. Security and convenience are opposed goals, and sometimes a system
- MUST be available.
-
- If *all* POSIX conformant systems come with a stronger security system than
- UNIX installed, it must be possible to set things up so that security system
- can be defeated and a new system set up with physical access to the hardware.
- It's acceptable for there to be some magic one-way juju that you can do to
- put the system into a highly secure state, but it should not come that way.
- I will neither purchase nor recommend any system I can't get into and rebuild
- the access system with a boot floppy and the console.
- --
- Peter da Silva. `-_-'
- +1 713 274 5180.
- <peter@ficc.ferranti.com>
-
- Volume-Number: Volume 20, Number 95
-
-