security for large sites

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Thu Sep 27 06:06:37 AEST 1990


In article <1990Sep26.180538.9484 at crl.dec.com> wojcik at crl.dec.com writes:
> I think that
> in the same way you cannot test for the absence of bugs, (only the presence)
> you cannot test for a secure system.

That isn't always true. I can, for example, inspect a directory tree,
observe that the directory tree has no setuid files, and be sure that a
chroot()ed process with one uid will not be able to affect files with a
different uid unless kernel security is flawed.

> Security isn't something you add on, it has to be designed into the
> organizational and computational systems we use.

Not necessarily. The system with the simplest security rules has the
best chance of obeying those rules to the letter, and is easiest to test
for a particular security policy.

I don't disagree with the point you're making, but some of your
arguments are a little weak.

---Dan
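
The directory-tree inspection described in the post above, as an added example that is not part of the original message: it lists regular files carrying the setuid bit and, separately, every path it could not inspect, since the absence claim only holds when nothing was skipped. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_setuid(root):
    """Walk root without following symlinks.

    Returns (setuid_files, unchecked): regular files with the setuid bit,
    and paths that could not be inspected. "No setuid files" is only
    established when both lists are empty.
    """
    setuid_files, unchecked = [], []
    pending = [root]
    while pending:
        directory = pending.pop()
        try:
            entries = list(os.scandir(directory))
        except OSError:
            unchecked.append(directory)  # unreadable: absence is unproven here
            continue
        for entry in entries:
            try:
                st = entry.stat(follow_symlinks=False)  # lstat semantics
            except OSError:
                unchecked.append(entry.path)
                continue
            if stat.S_ISDIR(st.st_mode):
                pending.append(entry.path)
            elif stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                setuid_files.append(entry.path)
    return sorted(setuid_files), sorted(unchecked)


def build_demo_tree():
    """Constructed sample tree: one setuid file, one plain file, one symlink."""
    root = tempfile.mkdtemp(prefix="chroot-demo-")
    os.mkdir(os.path.join(root, "bin"))
    for name, mode in (("plain", 0o755), ("suid", 0o4755)):
        path = os.path.join(root, "bin", name)
        with open(path, "w") as handle:
            handle.write("#!/bin/sh\n")
        os.chmod(path, mode)
    os.symlink("/bin/sh", os.path.join(root, "bin", "link"))  # must not be followed
    return root


if __name__ == "__main__":
    found, unchecked = audit_setuid(build_demo_tree())
    print("setuid files:", found)
    print("unchecked paths:", unchecked)
```

Symlinks are skipped rather than followed because, inside the chroot, a link can only resolve to a path in the same tree, which the walk visits under its real name.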


