[comp.sys.next] Security & defaults

feldman@umd5.umd.edu (Mark Feldman) (06/08/89)

In article <5152@pt.cs.cmu.edu> avie@wb1.cs.cmu.edu (Avadis Tevanian) writes:
>
>Please people, stay calm...

It seems to me that most of the people complaining about NeXT security are
somewhat frustrated, but for the most part calm.  The frustration comes from
liking many aspects of the NeXT, but knowing that the next load of
workstations to be purchased will be from Sun, DEC, or someone else, because
NeXTs cannot be secured in a hostile (or just ignorant) environment.

>Most people who buy a machine expect to be able to do whatever they want
>with their machine, including setting the time and date. 

Making it easy to accidentally clobber a machine is nothing to brag about.
The ability for any user to easily and arbitrarily change the date and time
-- functions as important to the security, integrity, and correct operation
of a UNIX box as file permissions -- is a mis-feature.  Joe user probably
doesn't know the consequences of this action.  If a user is allowed to make
such a mistake without being forced to become root (knowing that actions
taken as root can have severe consequences), he may injure himself, other
users on the same machine, and the aftermath will eventually get back to me
as a NeXT support consultant.

My favorite is the fact that BuildDisk is setuid root and executable by
all.  All too easy.

> If you need to
>administer someone's machine for them, then they will live by your rules
>(presumably).  If this is the case, then just turn off the setuid bit for
>Preferences, for example.

It's not so much ``my rules'' as common sense.  I'm not one for leaving the
keys in the ignition and the engine running when I'm away from my car.  Most
people aren't.  Why is it NeXT's default?  If someone knows enough about his
environment, let him remove the safeguards, but don't make it the default.

Why do you bother fsck'ing the file systems at boot time?  To maintain the
integrity of the system.  

>
>This may disable some other features that you wanted a user to retain (from
>Preferences), but most other things will still work (those that affect the
>defaults database, for example).

Kludges that may cause some desired features not to work in order to help
prevent accidents?

We have a NeXT set aside for people to try.  I have no hope of securing it
against a malicious attack.  I have attempted to protect it from accidental
harm.  Perhaps my efforts are mis-directed.  Perhaps I should let the
faculty and staff that try the NeXT experience the results of an accident.

>
>-- 
>Avadis Tevanian, Jr.    (Avie)
>Manager, System Software Group / Chief Operating System Scientist
>NeXT, Inc.
>avie@cs.cmu.edu or avie@NeXT.com
>-- 

Avie, I see from a later posting that there will be some sort of hardware
security under 1.0 ROMs, but what kind?  When will it be officially
announced?  Must we wait until 1.0 comes out to see if it really meets our
needs?  

There is a large community willing to help NeXT, to test intermediate fixes
and provide helpful hints -- if they are given the chance.  Not being kept up
to date with NeXT's planned changes is a real source of frustration.

	Mark
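As an added example (not part of the original post, and not NeXT's own tooling), a small POSIX shell script that does what the thread argues over: find files that are both setuid and executable by everyone, the combination the post objects to for BuildDisk, and clear the setuid bit on a chosen file, the fix Avie suggests for Preferences. It assumes only sh, find and chmod; the directory to audit is whatever path is passed as the first argument.

```shell
#!/bin/sh
# Added example, not from the original post: audit for setuid files that
# anyone can run, and drop the setuid bit where a site decides it is unsafe.
# Assumes POSIX sh, find and chmod (hypothetical helper names below).

# Print every regular file under $1 whose setuid bit AND other-execute bit
# are both set. -perm -4001 means "all of these mode bits are present":
# 4000 is setuid, 0001 is execute for "other". Owner is not checked here,
# so run "ls -l" on the output to see which ones run as root.
audit_setuid() {
    find "$1" -type f -perm -4001 -print 2>/dev/null | sort
}

# Number of findings under $1; a site hardening its defaults wants this
# list reviewed down to only the programs it has consciously accepted.
count_setuid() {
    audit_setuid "$1" | wc -l | tr -d ' '
}

# Clear the setuid bit on one file so it runs with the caller's own
# privileges (chmod u-s is the reply's suggested fix for Preferences).
drop_setuid() {
    chmod u-s "$1"
}

# Stand-alone use: sh audit_setuid.sh /usr/bin
if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
    echo "setuid, world-executable files: $(count_setuid "$1")"
fi
```

Review the list before clearing anything: a program that genuinely needs root (passwd, for instance) will stop working if its setuid bit is removed.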