Complex security mechanism is unsecure
Kristoffer Eriksson
ske at pkmab.se
Sun Dec 16 00:01:09 AEST 1990
In article <6886 at titcce.cc.titech.ac.jp> mohta at necom830.cc.titech.ac.jp (Masataka Ohta) writes:
>In article <4627 at pkmab.se> ske at pkmab.se (Kristoffer Eriksson) writes:
>
>>(If, instead, you break into that account by using some bug in some
>>set-uid program owned by that account, then it wouldn't exactly be more
>>secure to have that program owned by root, so that is no way to avoid my
>>argument.)
>
>The complexity of the security mechanism is different.
What security mechanism are you talking about? What is more complicated?
And I don't think it is relevant, anyway.
>>But that is fairly easy to prevent for a non-user account. Just make it
>>impossible to login to that account.
>
>Yes, it is fairly easy if you know what to do.
I don't see how it is significantly easier to protect the root account alone.
>But, with a complex security mechanism, it is difficult for an average
>system administrator to know what to do.
I don't find it that complex. Really, I think that the addition of more
than one ring of security by using other uids than only root is very
valuable and costs next to nothing in extra complexity.
>A careless administrator may even think that it is safe to give some
>half-trusted user "uucp" privilege.
Make the administrator do all work in assembler, and maybe he won't dare
do anything at all, and we will get a very "secure" system...
No, I think this argument is of no significance. To prevent carelessness, you
want to remove a useful security feature? My judgement is that root would
become more vulnerable to simple mistakes, rather than less.
>"uucp" has large capability over files owned by "uucp" and referenced by
>"root". That is the reality.
When does root need to reference uucp files?
>"=always="? No, "unless the security mechanism becomes complex" is
>the condition.
It doesn't become very much more complex.
--
Kristoffer Eriksson, Peridot Konsult AB, Hagagatan 6, S-703 40 Oerebro, Sweden
Phone: +46 19-13 03 60 ! e-mail: ske at pkmab.se
Fax: +46 19-11 51 03 ! or ...!{uunet,mcsun}!sunic.sunet.se!kullmar!pkmab!ske