Alternate Shells
Ken Arnold%CGL
arnold at ucsfcgl.UUCP
Thu Aug 29 06:06:34 AEST 1985
In article <275 at uwvax.UUCP> david at wisc-rsch.arpa (David Parter) writes:
>> Next joke, please. Suffice it to say that "lock" isn't nearly as
>> secure as it might lead you to believe. This probably isn't the
>> place to go into the details of why, but I wouldn't trust the
>> standard "lock" to protect anything I valued.
>> Doug Hosking
>possible solutions:
> 1) don't leave your terminal (logged in) alone.
> 2) fix lock, if you need a secure locking mechanism for yourself
> or your users. We have made some fixes to it.
All missing the point. You try and convince a bunch of beginning
programmers that they should never walk away from their terminal
without locking it. You'll get to about 80% of them initially, and
then after about a week, people will start to get careless, and you
start getting a very low compliance rate. Also, as security sometimes
one will just ask a friend to watch the terminal while they go to the
bathroom, and that friend is the one who plays the practical joke.
In the real world, you just cannot convince *everyone* (or even a
significant fraction) to be paranoid; most people just don't think that
way. Hell, even *I* don't think that way all the time, thank
goodness. The software should assume a somewhat hostile environment.
If you don't believe me, let me point out that changing the login shell
to /bin/cat and changing someone's password both lock them out of their
account. Do I hear anyone arguing that passwd should stop asking for
the current password before changing it to something else? No. So why
shouldn't chsh give some security? There are better ways than the
two-shell restriction currently in use, but some such restriction is
needed.
Ken Arnold
More information about the Comp.unix
mailing list