On Mon, 19 Nov 2001, Howland, Curtis wrote: >To be blunt, I don't think one can entirely protect ones self from root, >nor do I believe it's an "All Good" idea. > >Root Is God. This is a multi-user, full-time, "networked" device. Root >bears the responsibility of everything that happens to that machine. >They are answerable to everyone, not just one user.
No, root had best not be god. NSA Rainbow book pretty much states that for C systems that the administrator should be able to delete files, but may not necessarily be able to read them. In a B system, administrative duties are dealt with by a committee, no one of which may necessarily have permissions to read a file, but all in concert must be able to delete. You're missing a large point here: root doesn't have to have RWX access on everything to be able to do their job, -WX may do the trick. >For all its faults, Dos taught us what it was like to be in complete >control of ones own machine. No other users, no daemons, no "services". >Programs ran in a vacuum. I really like such control for single-user >machines from a security standpoint, even though I prefer the >functionality of Linux. No, DOS taught us how to allow for a system to be compromised at the drop of a hat. If you have unquestioned authority over your system, others can have it too. >However, I also like the fact that when my wife's Win98 device crapped >out and was sent to the shop for repair, it was no effort to simply >"adduser x" . The beauty of a multi-user machine. She can get the >functions she needs until her machine comes back, but she now has to >trust me that I won't "less /var/spool/mail/x" as root. > >If you cannot trust root, don't use that machine for anything you want >to be secure. Probably a good dictum, but not really feasable in most cases. Do you trust your ISP? They have root on the system that forwards mail to you... >Curt- > >ps: From a personal perspective, I think Linux is about where Windows >3.0 was. This is not a troll, just a usability thing. Win 3.0 was broken and unusable, you know that? The Win 3.0 -> 3.1 upgrade was actually a usability patch kit, and propagated for free. Win 3.0 is the GUI equivalent to DOS 4: a version that MS would just as soon forget. That being said, and assuming that you're not comparing linux to a broken version of Windows, So? Win 3.X (I'd actually put the usability more in WfWG area myself) was the last usable system MS came up with IMHO. Win 3.X is the last system that had hardware requirements based on objective criteria and allowed the system control that you lauded in your main email. Win 95+ started doing things for you, and NEVER does them the way they should be done. Perhaps it just takes longer to do things right... >-----Original Message----- >From: Daniel D Jones [mailto:[EMAIL PROTECTED] >... We're talking about trying to protect >yourself from legitimate root on a system where you're merely a user. >----- > > > -- void hamlet() {#define question=((bb)||(!bb))} Who is John Galt? [EMAIL PROTECTED] that's who!