Standards Update, IEEE 1003.6: Security

[peter da silva]

From:  peter at ficc.ferranti.com (peter da silva)

In article <769 at longway.TIC.COM> From: pkr at sgi.com (Phil Ronzone)
> I'm not sure what the "DoD-style" words mean, but UNIX has been very deficient
> for much serious commercial work due to the "simple-minded" approach it has
> had.

This may well be true. But for a large set of problems the existing UNIX
security approach is quite sufficient. If you don't have the actual hardware
secured it's overkill.

> >Only if it's possible to turn everything off and go back to /etc/passwd
> >and /etc/shadow, and a superuser. That way when something goes wrong you'll
> >be able to boot from tape or floppy, edit a couple of files, and recover
> >the system. 

> >Because something *will* go wrong.

> I don't see what this has to do with security.

I know of at least one case where a hard error in the user database for
a system required sending a letter from the president of the user's
company to the vendor to get them to explain how to regain access to the
system. Security and convenience are opposed goals, and sometimes a system
MUST be available.

If *all* POSIX conformant systems come with a stronger security system than
UNIX installed, it must be possible to set things up so that security system
can be defeated and a new system set up with physical access to the hardware.
It's acceptable for there to be some magic one-way juju that you can do to
put the system into a highly secure state, but it should not come that way.
I will neither purchase nor recommend any system I can't get into and rebuild
the access system with a boot floppy and the console.
-- 
Peter da Silva.   `-_-'
+1 713 274 5180.
<peter at ficc.ferranti.com>

Volume-Number: Volume 20, Number 95