Getting rid of the root account
Peter da Silva
peter at ficc.uu.net
Sun Jun 11 00:15:22 AEST 1989
In article <16658 at rpp386.Dallas.TX.US>, jfh at rpp386.Dallas.TX.US (John F. Haugh II) writes:
> Proving a kernel secure is not sufficient. You must also prove that all
> of the programs executing with privilege are secure. By creating more
> programs to manage privilege you are creating a larger task.
This is questionable.
I would much rather prove that the superuser is safe and then verify <N>
separate programs than prove that <N> sets of routines in the kernel are
all secure. For one thing you can do it incrementally.
And you're still going to have a bunch of programs that will have to be
verified.
--
Peter da Silva, Xenix Support, Ferranti International Controls Corporation.
Business: uunet.uu.net!ficc!peter, peter at ficc.uu.net, +1 713 274 5180.
Personal: ...!texbell!sugar!peter, peter at sugar.hackercorp.com.