[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Securing Web Servers
From:       smith () sctc ! com (Rick Smith)
Date:       1997-02-10 14:49:08
[Download RAW message or body]

Last Monday, Matthew Archibald wrote:

>I know, the famous 'we obivate the need for root' statement
>is flashy to mainframe centric minded folks but really, no
>matter how you do it the system always has one priveledged
>user id or another regardless if the name is 'root', 'seosadmin'
>or 'barney'...

Disagree.

There is probably no security concept more rooted in the mainframe world
than the notion that you must have a single, all powerful userid. It takes
a lot of work to make a particular userid all-powerful among a group of
distributed systems, unless you have low standards for acceptable security.
If mainframe-centric folks dislike the one all-powerful userid, then it's
because they have years of experience with its security drawbacks.

When OS/360 first came out, Conventional Wisdom was that users needed to be
able to write their own channel programs, essentially, custom writing
device drivers for individual application programs. This was eventually
recognized to be a Bad Idea from an architectural standpoint. I hope the
same future will hold true for "root." I recognize it will be a while
before OSes do this: it's already taking a long time for the kernel
mode/user mode distinction to work its way into desktop OSes.

Rick.
smith@sctc.com          secure computing corporation

[prev in list] [next in list] [prev in thread] [next in thread]