rcd@ico.ISC.COM (Dick Dunn) (06/08/89)
The discussion of security in GNU OS and attitudes about it got me thinking about what people really mean when they say "security". It struck me that for my own use, I don't care much at all about security in the narrow sense of the word...but I care a lot about two related matters which the "security" system also addresses, namely safety and privacy. I wonder how much of what people would want out of a GNU OS would fall into these latter two categories?

I'm thinking here about a machine I have at home which has two frequent users and three or so occasional users. It's a small, inexpensive machine and it has to be operated on a small amount of money; thus it would (in some ways) be a logical candidate for a GNU OS.

Security: Having lots of files globally readable doesn't bother me much personally. Anyone who's going to use the machine is reasonably trustworthy, meaning they're not going to go around trying to break things. There are other situations where this doesn't seem to apply very well, but bear with me for the moment. Even I draw the line at letting just anyone use the machine (for example, allowing a no-password dial-up login)--I want to know who's using the machine. I'm not horribly greedy or possessive, but I did have to pay for the machine and I have to maintain it. It doesn't have lots of disk space or processing power. If someone I know asks me, "Could I have a login on raven?" I'll almost certainly say yes, but I want to know about it. A computer is a tool. I will loan my tools, but not to just anybody, because I need them available, in working order, for myself.

Safety: I don't see any reason to make lots of files globally writable. The files I've got write-protected are just the files there's no intent to overwrite. I keep them write-protected so that nobody screws up and zaps something carelessly.

There's nothing here inhibiting the "free access to information"...any more than having a cover plate on an outlet inhibits "free access to electricity" or throwing a piece of plywood over a trench inhibits free access to the hole. Seems to me that the idea of sharing things is rather different from having someone force things on you or throw them in your path.

It's this concern for safety where I'd most like to see the no-security advocates state the counterargument: Why should a file *not* be write-protected, if the only thing that writing on it can do is corrupt it? Why should one user be given permission to disrupt another? Even if the disruption is unintentional, it's still disruptive.

Privacy: I want to have some files which contain personal information. To the extent that I use a computer to extend my own thought processes, I don't care for the idea of having all my thoughts bare to the world. I may leave a note for Diane, and I don't care to have someone read the private thoughts I might want to share with her. The number of such files is small, but definitely nonzero. I'd think it would have a chilling effect on my use of a machine to know that I couldn't keep anything private.

The privacy consideration implies creating unreadable files. That, obviously, can be misused. But do we really have to give up privacy?

Mike Haertel wrote:
> I (almost) quote RMS: `I do not believe there should be security among the
> users of a computer system.'...
> ...RMS *really prefers* a lack of security. (He doesn't mind a bit of
> auditing though, to see who last changed a source file . . .)

Hmmm...but how does the auditing work? Surely it's not kept in a file, because the file will (of course) be writable...

> ...(I agree that in some situations it is reasonable
> to have security to keep out outsiders, though.)

This may actually be a fairly revealing, useful statement. Does it imply that there's such a thing as a "user community" on the machine, and that although there are no barriers among these users, there may very well be a barrier between them and the outside? That's a possible approach for a single isolated machine, but I don't really know what the "user community" of a machine on a network might be.
--
Dick Dunn UUCP: {ncar,nbires}!ico!rcd (303)449-2870
...Lately it occurs to me what a long, strange trip it's been.
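The three concerns Dunn separates (safety, privacy, and "security" in the narrow sense) map onto different parts of a Unix file mode, and his objection to "auditing" in a no-security system is checkable mechanically. The following is an added example, not code from the original thread or from any GNU project: it classifies files by their mode bits and then asks whether a change log could be believed. The directory tree, the file names ("raven", the note to Diane) and the modes are constructed here for the demonstration; a POSIX filesystem is assumed.

```python
# Added example (not part of the original thread).  Safety is the write bits
# (can another user zap the file?), privacy is the read bits for group and
# other (can anyone but the owner read it?); who gets a login at all is not
# something a file mode can express.  The last function tests Dunn's point
# about auditing: a log that any user can rewrite records nothing reliable.
# Assumes a POSIX filesystem; tree and names below are constructed samples.
import os
import stat
import tempfile


def classify_mode(mode: int) -> dict:
    """Describe one st_mode value in Dunn's terms."""
    return {
        # safety: someone other than the owner can overwrite or truncate it
        "others_can_write": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
        # privacy: nobody but the owner can read it
        "private": not (mode & (stat.S_IRGRP | stat.S_IROTH)),
        # the default he is content with: readable by everyone
        "world_readable": bool(mode & stat.S_IROTH),
    }


def audit_tree(root: str) -> dict:
    """Walk root and bucket regular files by the concern they raise."""
    buckets = {"writable_by_others": [], "private": [], "shared_readonly": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and specials are out of scope here
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            c = classify_mode(st.st_mode)
            if c["others_can_write"]:
                buckets["writable_by_others"].append(rel)
            elif c["private"]:
                buckets["private"].append(rel)
            elif c["world_readable"]:
                buckets["shared_readonly"].append(rel)
    return {k: sorted(v) for k, v in buckets.items()}


def audit_log_is_trustworthy(path: str) -> bool:
    """A 'who changed what' log is evidence only if other users can neither
    rewrite it nor replace it: the file must not be group/world writable, and
    its directory must not be either (a sticky directory is tolerated, since
    there an entry can only be removed by its owner)."""
    st = os.stat(path)
    dst = os.stat(os.path.dirname(os.path.abspath(path)))
    file_writable = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    dir_writable = bool(dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    dir_sticky = bool(dst.st_mode & stat.S_ISVTX)
    return not file_writable and not (dir_writable and not dir_sticky)


def build_demo_tree() -> str:
    """Constructed sample home directory with the modes the post talks about."""
    root = tempfile.mkdtemp(prefix="raven-")
    layout = {
        "src/main.c": 0o644,       # shared tool: readable, write-protected
        "src/scratch.txt": 0o666,  # anyone can zap it: the safety problem
        "notes/to-diane": 0o600,   # private note
        "audit.log": 0o666,        # "auditing" kept in a writable file
    }
    for rel, mode in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(rel + "\n")
        os.chmod(path, mode)
    for dirpath, _dirs, _files in os.walk(root):
        os.chmod(dirpath, 0o755)  # pin directory modes regardless of umask
    return root


def run_demo() -> dict:
    """Audit the sample tree, then protect the log and check it again."""
    root = build_demo_tree()
    log = os.path.join(root, "audit.log")
    result = {
        "audit": audit_tree(root),
        "log_trusted_before": audit_log_is_trustworthy(log),
    }
    os.chmod(log, 0o644)  # owner-only write: now the log can be believed
    result["log_trusted_after"] = audit_log_is_trustworthy(log)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Running it puts scratch.txt and audit.log in the "writable by others" bucket (the safety problem: anyone can corrupt them), the note to Diane in "private", and main.c in "shared, read-only", which is the arrangement the post argues for. The log check fails while audit.log is 0666 and passes once it is 0644, which is exactly why "a bit of auditing" needs at least that much security to mean anything.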
maujf@warwick.ac.uk (Mike Taylor) (06/09/89)
In article <15836@vail.ICO.ISC.COM> rcd@ico.ISC.COM (Dick Dunn) writes:
> I'd think it would have a chilling effect on my use of a machine to
> know that I couldn't keep anything private.

S'funny, I'da thought that as well, but a while back, a number of us found a lot of holes in the machines here, and the result was that so many people had ways to crack them that (for a while at least) security was almost non-existent ... I'm glad to say that things have tightened up a bit now, but when it came down to it, I realised that even if people *did* have root access, they had better things to do than plough through huge wodges of other people's mail. So I didn't really mind that much, after the first shock.

'Course, if you have *real* sensitive data (death-star blueprints and so on :-), then it's another matter altogether.
______________________________________________________________________________
Mike Taylor - {Christ,M{athemat,us}ic}ian ... Email to: mirk@uk.ac.warwick.cs