libes@nbs-amrf.UUCP (Don Libes) (11/09/86)
It would be nice if customer's could have the option of turning off certain security options such as the VAX's zero-fill on brk. No one at our site is interested in perusing through used memory. I am wondering if there are other "features" we could turn off. (e.g. protecting /dev/*mem) Perhaps our site is unusual. I don't know. On approx. 50 machines (most running UNIX) we have no passwords except our gateway (to the world) machine. There are no root passwords. We have been running this way for 3 years and have yet to regret it. (Actually once, someone accidentally ruined /bin/login but it wasn't that hard to restore.) I suspect we have the same ratio of wizards to naive users that everyone else has. We had a lot of discussions before doing this, but we finally agreed to do it for a trial period (or until the first rm *, whichever came first). Everyone liked it a lot and now no one wants to go back. One of the surprising things is the number of programs that don't work if you don't have a password. ftp comes to mind. I wish we could delete all the password code and anything else that we really don't use (we already deleted the Fortran compiler :-). I'm not confusing this with file protection or kernel vs user mode. Don't get me wrong - I'm not asking for an unreliable system. I could give dozens of reasons why the no password environment works, but I'm not trying to convince anyone else to switch so I won't. I'm only trying to get an answer to the question posed above (with this explanation as to why I'm asking it) and maybe some reactions. Perhaps the only point against lack of security is that some of our software is proprietary, and we are obliged to protect it. We had an incident before we stopped using passwords, where someone walked out with a whole set of backup tapes (we tend to leave the machine room door propped open because our AC is flakey). This person didn't even have to login to steal the house! If I was charged with enforcing system security I would go nuts, with the current trend in desktop systems and Joe-beginner being his own root. In any case, I think I have managed to drive home the point locally that users shouldn't depend on the computer for security, only processing power. Now we are connecting the whole campus on a (logical) ethernet and some of the other groups are warning us that they don't trust their users as much as we respect ours. I think they're going to be in for a rude shock when they realize their password can be read by anyone listening promiscuously. I can't wait. Don Libes {seismo,umcp-cs}!nbs-amrf!libes Password? Never had it. Never will.