Unix security additions

John F Haugh II jfh at rpp386.cactus.org
Mon Apr 15 22:18:09 AEST 1991


In article <1092 at mwtech.UUCP> martin at mwtech.UUCP (Martin Weitzel) writes:
>jfh> At some point in time you have to trust the people you've hired to do
>jfh> their jobs.
>
>Wait a minute: Given the scenario that in a (badly configured) UNIX system
>I have to give a privileged account to those people who have to care for
>backups. Now I complain: This is really bad - I don't trust these people and
>fear they will use their privileged account to sneak into other users' files.

THEN DON'T DO IT.  It makes absolutely no sense whatsoever to have
passwords on the user accounts then to give superuser authority to
someone that you know is going to break into the other users'
accounts.  If you give the authority to modify any user account to
someone you can't trust to not abuse the authority, you have the
same situation.  And so on for every privileged role.

>Under these circumstances, would it be wise to trust the same people that
>they don't take the backup tapes and read them anywhere else?

If you don't have physical security (i.e., they can take the tapes
anywheres they want) and you can't trust your personnel, I'd suggest
you turn off the computer system and just give up.

Basically your complaint is that you must give privileges to people
that you can't trust not to abuse them, and that you can't control
the data once they've taken it.  Sounds like you got a rather serious
problem on your hands.  Good luck.

>My claim still is that this can be done without changing the kernel, and
>that the added security you win *if* you make enhancements to the kernel
>is far less than the chance that some people you hired to do their jobs
>CAN'T be trusted.

These are not the same problems.  They aren't even related to each
other.  Particularly since the former is meant to prevent things
that the latter can't address, such as people you didn't hire accessing
your system.  The only completely secure computer is sitting in a room,
with no outside connections, powered off, and encased in concrete.  If
you insist on hiring people you think are going to violate the system's
security, there is no point in keeping out the rest of the world.  You've
already given the keys to the bad guys.
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) |  Domain: jfh at rpp386.cactus.org
"If liberals interpreted the 2nd Amendment the same way they interpret the
 rest of the Constitution, gun ownership would be mandatory."


