Getting rid of the root account

Mike Taylor maujf at warwick.ac.uk
Fri Jun 9 21:28:30 AEST 1989


In article <16650 at rpp386> jfh at rpp386.cactus.org (John F. Haugh II) writes:
> In article <10370 at smoke.BRL.MIL> gwyn at brl.arpa (Doug Gwyn) writes:
>> The kernel implementation of UID 0 being the ONLY privileged UID along
>> with the set-UID implementation is small and simple enough to be
>> completely validated.
> Agreed.  You may trivially verify that the suser() function performs
> the desired result.  This is not news.  Now go verify that the
> utilities which execute with root privilege perform their intended
> function.

You keep saying this.  The point is, _it's_not_the_kernel's_fault!_
Just because a lot of people have written insecure utilities and
persuaded other people to make them setuid root, doesn't make the
fundamental system insecure -- it just makes the people stupid, and
that really _isn't_ news! :-)

If UNIX had been written with "layered privileges" in the kernel,
(instead of the system we have whereby you can build them using groups
and the suid mechanism), then its security would still be the mess it
is today, just because that is what people are like.
______________________________________________________________________________
Mike Taylor - {Christ,M{athemat,us}ic}ian ...  Email to: mirk at uk.ac.warwick.cs



More information about the Comp.unix.wizards mailing list