Project Athena ( was Re: Non Destructive Version of rm)

Henry Mensch henry at ADS.COM
Fri May 10 02:36:01 AEST 1991


asg at sage.cc.purdue.edu (The Grand Master) wrote: 
->Sorry, I just don't understand how giving anyone the right to mount
->any filesystem they wish, and then giving them root access to boot 
->does not at all compromise system security. Maybe you can explain this.

what's so hard to understand?  

there is nothing of value (i.e., user data, service provision) on a
workstation in an Athena-style environment.  this concept is that of
the dataless workstation; in this model, your workstation is like a
public telephone: you authenticate to it (with your Kerberos private
key/"password" for the workstation; with your calling card or other
payment method to the public telephone), and you use it.  there's
nothing on the phone which guarantees you privileged access to any
other phone user's data on the network, and the same goes for the
Athena workstation.  

->Now it depends how you hook the Macs and PCs up to the network. 
->And also, dunno about your PC's, but the Public PC's at Purdue
->DO have accounts for special functions, and you are not allowed
->to mess with certain things without the right authority (kind of
->a root-type idea)

... and now i bring my laptop PC into a cluster (complete with network
card) and plug it into the network (of course, i unplug an existing PC
from the network).

explain how your paradigm of PC/Mac administration solves this problem.

->Now, if you are saying that the people in the computer dept do not
->know if they can trust the SYSADMINs in the MATH dept, well then 
->you should do something about that.

that's not possible.  there are 36 000 students at purdue university,
and several thousand staff.  the fact that much of the computing staff
on your campus hangs together now, or when i worked there, or in the
future is coincidental ... institutional politics can change all that
in a second.

->Then why don't you tell us oh master of computing?

you can educate yourself; there are papers available which describe the
various Athena network services ... FTP to ATHENA-DIST.MIT.EDU ...
look in the pub directory.

->It is not an unnecessary restriction. Again, Why don't you tell us how
->it can be that I can be allowed to mount any filesystem I choose,
->log in as root, and still not do harm to any of your systems.
->At the very least, can I not wipe the entire root directory of the
->workstation clean?

certainly.  no great harm done; workstations can be reloaded in less
than five minutes over the network.  remember:  there's nothing
unique to the contents of a workstation's disk that precludes this
sort of reloading/updating on the fly.

->You seem to have people authorized to change source whom you
->do not trust (or you wouldna need to have accountability). I suggest
->that those people be let go.

it's not clear how you deduced this from what Mr Kamens said.  offer a
rationale for this statement.

--
# Henry Mensch / Advanced Decision Systems / <henry at ads.com>
