pondering security (and related matters)

Dick Dunn rcd at ico.ISC.COM
Thu Jun 8 07:57:56 AEST 1989


The discussion of security in GNU OS and attitudes about it got me thinking
about what people really mean when they say "security".  It struck me that
for my own use, I don't care much at all about security in the narrow sense
of the word...but I care a lot about two related matters which the
"security" system also addresses, namely safety and privacy.  I wonder how
much of what people would want out of a GNU OS would fall into these latter
two categories?  I'm thinking here about a machine I have at home which has
two frequent users and three or so occasional users.  It's a small,
inexpensive machine and it has to be operated on a small amount of money;
thus it would (in some ways) be a logical candidate for a GNU OS.

Security:  Having lots of files globally readable doesn't bother me much
personally.  Anyone who's going to use the machine is reasonably
trustworthy, meaning they're not going to go around trying to break things.
There are other situations where this doesn't seem to apply very well, but
bear with me for the moment.  Even I draw the line at letting just anyone
use the machine (for example, allowing a no-password dial-up login)--I
want to know who's using the machine.  I'm not horribly greedy or
possessive, but I did have to pay for the machine and I have to maintain
it.  It doesn't have lots of disk space or processing power.  If someone I
know asks me, "Could I have a login on raven?" I'll almost certainly say
yes, but I want to know about it.  A computer is a tool.  I will loan my
tools, but not to just anybody, because I need them available, in working
order, for myself.

Safety:  I don't see any reason to make lots of files globally writable.
The files I've got write-protected are just the files there's no intent to
overwrite.  I keep them write-protected so that nobody screws up and zaps
something carelessly.  There's nothing here inhibiting the "free access
to information"...any more than having a cover plate on an outlet inhibits
"free access to electricity" or throwing a piece of plywood over a trench
inhibits free access to the hole.  Seems to me that the idea of sharing
things is rather different from having someone force things on you or
throw them in your path.  It's this concern for safety where I'd most like
to see the no-security advocates state the counterargument:  Why should a
file *not* be write-protected, if the only thing that writing on it can do
is corrupt it?  Why should one user be given permission to disrupt
another?  Even if the disruption is unintentional, it's still disruptive.

Privacy:  I want to have some files which contain personal information.  To
the extent that I use a computer to extend my own thought processes, I
don't care for the idea of having all my thoughts bare to the world.  I may
leave a note for Diane, and I don't care to have someone read the private
thoughts I might want to share with her.  The number of such files is
small, but definitely nonzero.  I'd think it would have a chilling effect
on my use of a machine to know that I couldn't keep anything private.

The privacy consideration implies creating unreadable files.  That,
obviously, can be misused.  But do we really have to give up privacy?

Mike Haertel wrote:
> I (almost) quote RMS: `I do not believe there should be security among the
> users of a computer system.'...
>...RMS *really prefers* a lack of security.  (He doesn't mind a bit of
> auditing though, to see who last changed a source file . . .)

Hmmm...but how does the auditing work?  Surely it's not kept in a file,
because the file will (of course) be writable...

>     ...(I agree that in some situations it is reasonable
>     to have security to keep out outsiders, though.)

This may actually be a fairly revealing, useful statement.  Does it imply
that there's such a thing as a "user community" on the machine, and that
although there are no barriers among these users, there may very well be a
barrier between them and the outside?  That's a possible approach for a
single isolated machine, but I don't really know what the "user community"
of a machine on a network might be.
-- 
Dick Dunn      UUCP: {ncar,nbires}!ico!rcd           (303)449-2870
   ...Lately it occurs to me what a long, strange trip it's been.