Unix security additions

Martin Weitzel martin at mwtech.UUCP
Mon Apr 8 19:48:22 AEST 1991


In article <1991Mar22.024124.3238 at eci386.uucp> woods at eci386.UUCP (Greg A. Woods) writes:
[In answer to article <PCG.91Mar17174428 at aberdb.test.aber.ac.uk> pcg at test.aber.ac.uk (Piercarlo Antonio Grandi)]
...
>Yes, higher levels of security do require some of the features you
>mentioned (such as removing the concept of a "superuser").
...
Well, I know this complaint that UNIX isn't secure because there is
one person who can read the files of all others ... but what if there
were no such privilege?

	- how should checks of the filesystem integrity, backups and
	  restores be done if not some few programs could access the raw
	  information of the disk?
	- how should new system software be installed?

If there exists a privileged account for the above mentioned activities
(and name the OS on which there is no such account) then the door is open
for installing any program you wish which does anything you wish with
the data on the disk! Furthermore: If there is a person who can do backups
on physically removable media, even if this person has not the privilege
to read all the users' data, how do you control what he or she does with
the backups *after* removing the media?

I especially *like* the design of UNIX for making it so clear to everyone
that the things left on the computer's disk are by no means more secure than
the things you leave in your office (to which your boss has a key - at least
for a case of emergency).

Again, name the OS on which the things I described here are not possible.
I'm not interested in hearing that they are purely more difficult, e.g.
because there is no "superuser account" and special rights like accessing
the raw disk are only granted to some few programs. You can have this on
UNIX too by simply creating some few new logins with UID 0 but with the
mentioned special programs (backup/restore, filesystem check, etc.)
as "login shell". The "real" super user account must only be known for
extremely few activities, like installing new software and configuring
the kernel.
-- 
Martin Weitzel, email: martin at mwtech.UUCP, voice: 49-(0)6151-6 56 83
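
The arrangement described in the post above (extra UID 0 logins whose "login shell" is a single maintenance program) can be audited from the password file. The following is an added example, not part of the original post; the account names, program paths and list of interactive shells are assumptions, and the sample passwd text is constructed.

```python
# Added example: classify every UID 0 entry in passwd(5)-format text.
# Assumption: these paths are the interactive shells installed on the host.
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/csh", "/bin/ksh", "/bin/bash"}

# Constructed sample input; names and program paths are hypothetical.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/bin/sh
backup:x:0:0:Backup operator:/:/usr/local/sbin/run-backup
fsck:x:0:0:Filesystem check:/:/usr/local/sbin/run-fsck
toor:x:0:0:Spare root:/:
martin:x:201:50:Martin:/home/martin:/bin/ksh
# comment line
broken:line
"""

def audit_uid0(passwd_text, interactive=INTERACTIVE_SHELLS, expected=("root",)):
    """Return [(name, shell, verdict)] for UID 0 and malformed entries."""
    findings = []
    for raw in passwd_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # A wrong field count or non-numeric UID is reported, not skipped:
        # how a given system parses such a line is implementation-specific.
        if len(fields) != 7 or not fields[2].isdecimal():
            findings.append((fields[0], None, "malformed"))
            continue
        # An empty shell field means the default shell, /bin/sh.
        name, uid, shell = fields[0], int(fields[2]), fields[6] or "/bin/sh"
        if uid != 0:
            continue
        if shell not in interactive:
            verdict = "program-login"      # UID 0, bound to one program
        elif name in expected:
            verdict = "expected-root"      # the "real" superuser account
        else:
            verdict = "interactive-uid0"   # extra full superuser login
        findings.append((name, shell, verdict))
    return findings

if __name__ == "__main__":
    for name, shell, verdict in audit_uid0(SAMPLE_PASSWD):
        print(f"{verdict:17} {name:8} {shell}")
```

Each `program-login` entry still runs its program with UID 0, so the program itself belongs in the review along with the account.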


