GNU, security, and RMS

John Chambers jc at minya.UUCP
Tue Jun 13 06:18:25 AEST 1989


> (1) Anyone who thinks a UNIX-compatible system can be `secure' has
>     some serious delusions.  Timing windows and covert channels abound.

Unlike any other operating systems, I guess.  And unless it's perfect,
it's unacceptable, so why bother?

> (2) There should not be security among the users of a computer system.
>     The principal use I have seen security put to has been the self-
>     aggrandizement of system administrators at the expense of the
>     user community.  (I agree that in some situations it is reasonable
>     to have security to keep out outsiders, though.)

You've all been missing the major reason I like some sort of security.
It keeps dumb/careless users (like me ;-) from shooting themselves in
the foot (to steal a useful metaphor).

I wish I had a buck for every time a DOS user has deleted or overwritten
"system" files on their PC, and then been mystified by the machine's
strange behavior until someone restored the file somehow.  With such
money, I could buy myself a Cray as a toy.  And we've all grown tired 
of the debates triggered by some poor Unix user typing "rm * .o", right?  
(Not that any of us has done this; this *is* unix.wizards, isn't it? ;-) 
 
In my mind, the question isn't so much whether there should be security;
it is how best to arrange the security so that it interferes with the
destruction of files that shouldn't be destroyed, while not interfering
with writing files that should be written.  To do this successfully would
likely require some sort of AI, if not prescience, on the part of the 
security system.  But the basic Unix security system, if understood and 
judiciously applied, can go a long way towards keeping things safe without 
undue interference with getting a job done.  Teaching users to use it
can be difficult, though I've found that waiting until they accidentally
delete their own files gives them a real motive to listen.

One of the things I'd like to see (in GNU, or in any other system) is
a security system that can be understood by relatively novice users,
i.e., it wouldn't be much more complicated than Unix's security system,
and which does a better job of refusing things which in retrospect turn
out to have been a bad idea.  Anyone have any good ideas?

-- 
#echo 'Opinions Copyright 1989 by John Chambers; for licensing information contact:'
echo '	John Chambers <{adelie,ima,mit-eddie}!minya!{jc,root}> (617/484-6393)'
echo ''
saying


