GNU, security, and RMS
Mike Haertel
mike at thor.acc.stolaf.edu
Sat Jun 3 14:48:46 AEST 1989
Since everyone is making such a big deal about `security and RMS' I thought
I would try to clarify things a bit. I am employed by the Free Software
Foundation, and I have known Richard for about a year. Perhaps this will
stop all the wasted bandwidth in useless speculation.
In article <15812 at vail.ICO.ISC.COM> rcd at ico.ISC.COM (Dick Dunn) writes:
>I've seen several postings which seem to assert that the GNU folks won't be
>interested in security because that's somehow at odds with free software.
Security is not at odds with free softare, but . . .
>Is there some other part
>of the FSF philosophy (or RMS' personal philosophy, or whatever) that says
>that security is a Bad Thing?
Yes.
I (almost) quote RMS: `I do not believe there should be security among the
users of a computer system.' (He posted (approximately) this statement to
one of the GNU newsgroups sometime back, when someone was complaining that
the default emacs Makefile installs things 777 mode.)
>>...(On the other hand, the lack
>> of security that RMS prefers would be the biggest stumbling block in getting
>> people to *use* GNU...
>
>This is what really makes me wonder--*does* RMS really prefer a lack of
>security, or are we/you/they putting words in his mouth?
RMS *really prefers* a lack of security. (He doesn't mind a bit of
auditing though, to see who last changed a source file . . .)
The GNU system will of course support the UNIX ownership and protection
mechanisms, but I find it highly unlikely whether we at the FSF will
implement anything more. Other people can if they like, and we might
even redistribute it along with other non-FSF user-contributed software.
But it's a pretty sure bet that even if we distribute such a system we
will never support it in any way.
As for my beliefs on the subject:
(1) Anyone who thinks a UNIX-compatible system can be `secure' has
some serious delusions. Timing windows and covert channels abound.
(2) There should not be security among the users of a computer system.
The principal use I have seen security put to has been the self-
aggrandizement of system administrators at the expense of the
user community. (I agree that in some situations it is reasonable
to have security to keep out outsiders, though.)
--
Mike Haertel <mike at stolaf.edu>
``There's nothing remarkable about it. All one has to do is hit the right
keys at the right time and the instrument plays itself.'' -- J. S. Bach
More information about the Comp.unix.wizards
mailing list